Skip to content Skip to sidebar Skip to footer
Home / Html / Php / Security / Validation

Filter Html On Php

Post a Comment
On my client side, I have a rich text area where the user is allowed to enter HTML. Then, how on PHP do i ensure that the PHP is safe. Is there any validation in php for checking H

Solution 1:

You'll want to sanitize your input before saving it. http://htmlpurifier.org/ does a great job and is pretty easy to implement and insanely configurable.

Solution 2:

You could look into HTMLPurifier http://htmlpurifier.org/, I have yet to use it but I remember seeing a screencast or two on it at www.zendcasts.com.

You could also use a Zend Framework Filter like Zend_Filter_StripTags.

Solution 3:

You could strip the tags that are not allowed, using strip_tags();

<?php$allow = '<p><ul><li><b><strong>'; // Just an example$input = strip_tags($input,$allowedtags);
?>

Other than that it's adviced to use mysql_real_escape_string($input) or better yet, use: Is this a safe way to filter data and prevent SQL-injection and other attacks?

Post a Comment for "Filter Html On Php"