Cleaning User Input (Removing HTML/stripping Slashes Etc...)
How can I remove HTML and add slashes to a variable?
I know I can add slashes with addslashes($var); but I need to know how to remove all HTML at the same time. Also - Are there any other characters I should strip from the variable (it will be stored in a database and displayed on a web page).
View Complete Forum Thread with Replies
See Related Forum Messages: Follow the Links Below to View Complete Thread
Cleaning Up User Form Input In Php
Does anyone please know why when trying to clear up user input that has been entered into a form, php only clears up most of it and not all? For example, using stripslashes to remove all slashes from a variable after a user has submitted quotation marks ("") into a form. The quotation marks cause the variable being parsed to contain slashes. e.g. a user enters """""" into a form , the variable returned to php becomes """"" So if I only wanted the quotation marks, I thought the stripslashes function would achieve this. However, it only removes 3 of the 5 slashes leaving 2 unwanted slashes behind.
Cleaning User Input, Is This Safe Enough?
I've written a small function that cleans up all user input before entering it to the DB. I'm wondering, is this sufficient or am I missing someting? function clean_text($text) { $text = str_replace("<", "<", $text); $text = str_replace(">", ">", $text); $text = strip_tags($text); $text = htmlspecialchars($text, ENT_NOQUOTES); $text = mysql_real_escape_string($text); return $text; }
Removing Slashes When Using Mail()
I have been sending emails using PHP with the mail() command/method. When I send them tho it adds slashes, for example: 'hi guy's' gets sent as 'hi guy's' Why is this? How do I sort this?
Cleaning MS Word Input
I have a problem with a form, and I have tried various permutations of htmlentities() and html_entity_decode() to resolve, but without success. Here is the workflow. 1: User pastes MS Word formatted text into form field. 2: Server uses mail() to send input text to mail client. 3: Recipient pastes text into html file. The problem is that MS Word contains peculiar characters for things like bullets, which come out as tabs, which then come out as different, but spurious, html characters in the html translation. Does anyone know of a function(s) that can clean up MS Word input into something that can be simply pasted as plain text without spurious characters?
Stripping Quotes From Form Input.
Is there a (better,quicker,easier) way of stripping anything other than text, and numbers without using an if statement to catch errors, and have them re-enter the info? I'd rather just strip them all together. Something like.. if I want to stip out anything other then the alphabet, and 1-9, so I don't have entries that look like this.. Quote: ..%blah''''""""";blah!!!@@@~``
Cleaning Html Tags
somebody knows any way to put off all html tags from a file. I want to store cleaning pages for information purposes.
Tool For Cleaning Up PHP Code - HTML Tidy Like
I have a bunch of files with PHP code. These files were written by multiple developers with different coding styles and is just so painful to read them. Could you recommend any tool I could use to clean up PHP code - something like "HTML Tidy for PHP"
Stripping Html
The TitleField in my DB reads: Some title <span class=BoldRed>*</span> This shows up correctly, with the asterisk in the correct format, when shown on the web. I also want to show this field without any of the formatting; i.e. Some title * I've tried: $notags = stripslashes($row['title']); and also $notags = htmlspecialchars($row['title']); but still get the tag info. How can I get rid of it?
Replacing Characters + Stripping HTML
I have a HTML parser that reads product pages from various retailers - and I want to optimize it somewhat: I download all HTML before I start the parsing - and to do that I want to: - Get rid of all HTML parts that I don't need, i.e. <head>, <title>, <javascript> etc. I'm considering using eregi_replace for this. Anyone have an example of how to set this up ? I tried this with no luck: $string = eregi_replace("<head>*</head>","", $string); - As some pages have special characters, I'd like to redo these to normal characters for ease when setting up new parser. Right now I have this (which I'm sure is not the fastest/best way): $cont = str_replace(".",".",$cont); $cont = str_replace(",",",",$cont); $cont = str_replace("£","£",$cont); $cont = str_replace("€","?",$cont); $cont = str_replace("'","'",$cont); $cont = str_replace("-","-",$cont); $cont = str_replace("(","(",$cont); $cont = str_replace(")",")",$cont); $cont = str_replace("[","[",$cont); $cont = str_replace("]","]",$cont); Any ideas to improve on this?
Stripping HTML Tags With Regular Expressions
So I need a regular expression to strip out all HTML tags EXCEPT the ones I've allowed. I think I almost have it, but I can't get the negation right.. "/</?(^IMG|A|FONT|B|I|U|STRONG|EM|CODE|PRE|H1|H2|H3|H4|H5|H6)(.*)>?/i" Now the ^ isn't negating because it's not in a class. So how would I negate all those tags (meaning match anything EXCEPT those?) Also, what's a better alternative to the .* match so that they can't just throw a newline in there and **** things up?
Stripping Html Text And Newline Characters From String
I have used the strip_tags function to remove html from a string with reasonable success. But it still leaves /r/n characters. I've hunted around on various forums for solutions, and every time someone suggests a solution, it actually doesnt work. Code:
Removing Some HTML With Preg_replace
I need to be able to upload a file (html) to the server and strip away everything up-to and including the <BODY> tag and everything from </BODY> down. I have a perl script that does this successfully using the following 2 lines... $progress_report =~s/^.*<BODY.*?>//s; $progress_report =~s/</BODY>.*//s; I want to be able to do this with php. Can anybody help me with this? I tried using hte regexp above in the preg_replace() function, but it did not work.
Removing Attribules From HTML
I just noticed that the firefox bookmarks page in over 500KB, while it displays on 22KB of text on the screen. I carry this file with me on my disk-on-key so it is important for it to be small. I want to parse entrys like this too make them smaller: Code:
Removing HTML Tags
I am using ajax, so I am manipulate the text with either php(prefer) or javascript. I have a text area where the user enters whatever. They click send and a 'js' function gets called and it calls my sendRequest function and sends over the data to my php file to be insert into my db. What I want to do is remove any of the html/js tags I can. The only thing I want to keep is the spacing the user enters (line spacing). My php file - I have tried many different ways, but none of them seem to work $txt = $_GET['text']; $stuff = array("",""); $txt = str_replace($stuff, "<br />"); echo strip_tags($txt, '<br />'); So using the code above if I enter: <b>Test</b> This is a test The Results is: TestThis is a test I've tried another method using 'preg_match', but i am getting an error b/c of the function.
Removing Attributes From Html Tags
I want to build a class which will return a stripped version of variable containing HTML tags. In my constructor i will use strip_tags to get rid of the unwanted tags in the variable. After that i'll call a method cleanup() which has to do the hard work. Lets say i fill an array with values containing attributes like Onclick Onmouseover Style in my constuctor. I will allow de <a> tag to be used, but i want to strip the tag from attributes mentioned above.
Removing Empty HTML Tags
Long story short: Converting word files to readable HTML (approx 1200 docs). Got it going good, have one problem left: Due to the difference between hard and soft carriage returns, sometimes end up with <p> </p> and I need to get rid of these. There are differring numbers of non-printing characters and spaces between the p tags. I am convinced that a regular expression will do this but so far have not found one. So basically what I need is to remove any paragraphs that contain no printable characters.
Removing Word HTML From A File
I have a problem with converting word docs to HTML. As you probably know, when word generates its HTML it has a lot of needless tags. Is there a way I can cut these out and just leave basic formatting tags such as <b>, <br>, <ol>, <li> etc. I found this code to remove Word HTML PHP Code:
User Input...
I have a form with a field that expects user to input HTML tags. I know I have to use htmlspecialchars for that input but what if the user inputs PHP code? I've looked at the help file and I can only find strip_tags which removes both PHP and HTML tags. If a user wants to crash/corrupt/hack into your site by entering PHP code, what kind of things can he type? Must he include PHP tags to work? If he must use PHP tags, I could just write a function to remove only the PHP tags and not the HTML tags.
User Input?
Is there a way to get user input from a php script that doesn't have to do with html? I would like to ask the user(me) to input a directory(preferably in a gui way such as a folder selection dialog) to do some work with. Is this possible when running the script directly on my comp(not off a server(remote or local))? The script is a management thing that I'd like to create to help generate some html code. Essentially I want it to scan a dir(but don't want to hard code it) and have it generate a list of links for the files in that dir(which are images). Maybe even asking for a description for each. Even if it was a little shell program to change the directory(sorta like dos) would be much better than having to enter in the directory name by hand.
Php User Input
When running PHP as a binary, is there a way to ask for user input?
Any Way Of Removing Line Breaks From HTML Code?
I have a big big chunk of HTML code stored inside a variable $myhtml. Is there any way I can possibly remove all line breaks in the HTML? I tried $myhtml = str_replace(' ', '', $myhtml); but it doesn't work.
Reg Exp Question: Removing Class And Style From Html
i have a little database driven content managment system. people can load up html-docs. some of them use ms word as their html-editor, which resultes in loads of "class" and "style" attributes - like this: <p class="MsoNormal">Some text</p> now i'd like to remove them (the attributes, not the people, that is). i know reg exp is the way, but somehow the solution avoids me.
Verifying User Input
I want to be able to search through a string that gets filled into my form. Make sure there are no quotes, semicolons and that kind of thing, that will mess up my database query. PHP Code:
What To Strip From User Input:
I recently suffered massive bot attacks against my contact page. Someone sent me over 350 e-mails from my form in less than a couple of hours. As this form only sends e-mail to an address dedicated for this purpose, this isn't more than an inconvenience. In re-writing it, I decided to write better stripslash and strip_tags functions of my own. I have the function stripping out left and right angle brackets, and forward and back slashes. I replace these with blanks (I am the only one that views these e-mails and I think I can figure out what was meant). That should break most script and malicious html tags. What else should I watch for and strip? I thought it might be wise to replace "=" signs with blanks. Should I worry about words like "query" or "fopen"? Part of my solution to preventing bot attacks against my form is to force manual input by varying the name="" values. I have eighteen different possibilities for each field on the form. I choose which to use randomly. I check each possibility when processing to see if it is set and send posters to a 404 page if they post to the wrong or all possible variables. I also include a random string of 5 digits as an authorization code in a hidden field. I use mysql database to let the processing page know what variables and authorization code to expect, associated with the poster's ip. Use the wrong authorization code and you go to the 404 page. If your ip doesn't show up on in the database, you get a "404 page not found." I delete records from the database after processing, including old, unused entries where someone left without completely filling out the form. Does anyone see any reason that won't work to thwart the bots?
User Input Validation
I am intending to make a form on a page, on pushing submit the forms gets posted onto itself so that it checks for empty fields and prompts user to get all fields filled, BUT the filled value should stay, I did this easily on ASP, but could not figure out in PHP. Code:
User Input Filtering
I have a comments system. In this comment system, people can enter certain strings, and it will break my page layout. Such as repeated characters with no spaces. It will just blow the table way out of proportion and completely ruin my layout. How can I break their input up if such a thing happens? Also, how can you number an array of data that is being withdrawn from the database DESC? Such as.. Quote1. itemnumber1 2. itemnumber2 3. itemnumber3 4. itemnumber4
Checking User Input
I want to check to see if there's only letters and numbers in a field, how would I go about doing this?
Filtering User Input...
I want to take text that a user inputs and store it into a variable. That's the easy part. I have and array of 30 elements that I want to store the inputted text into. So.. here's an example... - I want a user to enter text. - I'll store it into a variable like $inputText. - I want to split the text from $inputText into 30 equal sections and store each section into an element in the variable. - I don't care if the words get separated during the filter, as long as the whitespaces stay where they are. Could anyone give me some tips to help me get started or point me towards a tutorial or something?
Removing Html Anchors From POST'ed Text String
I am having problems with trying to remove some tags using PHP. What I want is to perform a search and replace on a URL, so if someone tried to put a URL into a guestbook database, instead of the user inputting a link as: <a href="http://whatever.com">visit me</A> It goes into the database as: http://whatever.com I have tried the str_replace() function, but doesn't seem to work. I have also tried strip_tags() but then that just give the result: This is the code I've written. $AmendedComment = str_replace("<a href="", " ", $_POST['Comment']); $FinalComment = addslashes($AmendedComment); Checking the database and reading it out again, the first part of the URL remains intact, so the URL is clickable - not what I want. I've made an attempt at preg_replace() but it's difficult to get head around trying to write a pattern.
Security With User Input And Sessions
I have two sort of related questions, if anyone would be so kind as to answer: 1. When I do an form for input (into a database) that is used for subsequently displaying on a web page, is there a function written to parse out all dodgy stuff, like putting HTML tags that could break the page, or filter out SQL that could corrupt or invalidate the entry or is there a regular expression that someone has already done to cover all areas? 2. If I am displaying data from a database and using sessions and the like, should I be putting something like this in my code (I found it in the php manual): header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0
Calling A Function Through User Input.
So heres yet another question to a problem where I would have no idea where to look for the answer for so I turn to you :) Say my sites administrator wants to write a news update or blog or whatever. Something like this "Added a new gallery from my trip to Phuket, enjoy: [GID=24] If you liked it tell me." I want the [GID=24] to get replaced by my galery loading function (very nifty and handy) so it would turn into something like this echo "Added a new gallery from my trip to Phuket, enjoy: ".galery($GID)." If you liked it tell me."; I chose this [GID=24] because it is similar to burning board code. I would also like to include a command like [PID=45] witch would run my picture function.
Replace Slashes With More Slashes?
I am having a bit of trouble trying to double up on slashes in a file path. What I am trying to do is very similar to the code below: <? $var = "wusaisIntranetsIntranetsfpdbpdfweinig
Checking User Input With Eregi Function
The function below (ExpressionTest.php) is for checking user input. The function is supposed to permit only alphabetical characters, the apostrophe ('), and the dash (-) for the "FirstName" variable. For some reason the script below will permit the dash to be used but gives the message "Please enter a valid first name." message when the FirstName variable includes an apostrophe. I have tried switching places for the dash and the apostrophe. But if I place the apostrophe first in the string and the dash second in the string I still get the same message. PHP Code:
How To Get User Input For A Variable Without Using Forms Or Tables
I have created forms and taken user input from the forms into php variables. When validating the fields, if i find my conditions not satisfied on the php variable, i ignore the database connectivity and display error message and having the user to go back to the page and correct the error. Is there a way i can correct the error without going back to the page, and getting the particular user input without having to create another form or table for input into the php variable.
How Do You Do TCL Exec Command On PHP Script That Uses User Input?
The TCL command I am using will do a command-line action on a PHP script: set cannotRunPHP [catch { eval "exec php -q $root/scripts/info/php/info.php" } errMsg] I have to do it this way as both the TCL script and the PHP script run as CLI. However, "info.php" requires user input to run; this causes the TCL script calling the PHP script to hose up and die. Is there a way I can do this so that the TCL script can call the PHP script without any problems? Is there an alternate way of calling the PHP script other than using exec were that to solve this issue?
Displaying Text Fields On User Input
How would I echo a particular amount of text fields depending on how many the user selects from a drop down menu that I have already created. For example say the user selects 4 or whatever other number from a drop down menu how would I echo 4 or whatever the amount of text fields for a user to input text into? An example would be an airline website were you select how many people are travelling and then it echo fields for those people to enter their names.
User Local Time Diplay In Input Field
I'm wondering how can I have the local time of a user into a input field, it might sound or be stupid but even after my search I couldn't find a code si9mple enough, without any bla bla which each not my need.
Dynamically Creating URLS Based On User Input !
I am looking to create pages on the fly or dynamically based on user input. For example if i have www.example.com and they visit this and enter 'bob' in a textfield and press submit they create www.example.com/bob.html . How would I go about this ? I am guessing I need to create a folder when submit is pressed in my website directory ?
Validating Html Input
I'm trying to set up a system that would allow users to write html in textareas. The porblem is that when coming out of the database and getting slapped on an unsuspecting dynamicly generated page, an open anchor tag can do a number on the site. I need to find a script to validate the HTML any ideas?
Decode Html Input String
Probably not the correct words in the subject but I'll try to explain. I have software in c++ that sends data to a php file on my website. I have all the connections in place since it echoes back an ok to my code. Problem is the data portion is not being read by the php. I dont know how to reference it. Code:
|
TRACKER
