Posted by Jochem Maas on 10/04/79 11:09

Dave wrote:
> PHP General,
>

....

>
> 4. What I've Done So Far:
> I've looked into the *htmlspecialchars()*
> <http://jp.php.net/manual/en/function.htmlspecialchars.php> and
> *htmlentities(), thinking that they perhaps could pull out characters
> used in tags, but they seem to be more for formatting script, not
> filtering it.* <http://jp.php.net/manual/en/function.htmlentities.php>


these functions can help you as part of the solution to your problem.
your in the right ballpark :-)

> I'm assuming I need a string_replace() code of some kind. But I'm

php has str_replace(), it pretty much does what it says on the tin.

> lost as to how to specify to allow "<" only when immediately followed by
> either "a href =" or "/a>" and accept no other instances.
> It was when I realized that people might potentially be able to
> insert some Java Script inside of the quotes after "href=" that I
> realized I was in over my head.

take a look at strip_tags(), right up your alley.
an alternative is to use regular expressions to find/replace the links
and strip out other stuff... but that probably be a multi-step process
(you would be doing basic parsing of the input) and maybe a little complex
for you atm.

>
> Any help much appreciated.
> ** <http://jp.php.net/manual/en/function.htmlentities.php>
>

• Next in thread: Re: [PHP] [NEWBIE] How to allow for <a href> tags but no others?
• Prev in thread: Re: [PHP] [NEWBIE] How to allow for <a href> tags but no others?
• Next in forum: Re: [PHP] PHP and Access
• Prev in forum: Re: [PHP] [NEWBIE] How to allow for <a href> tags but no others?
• Thread view: [NEWBIE] How to allow for <a href> tags but no others?

[Reply to this message]