
Keep HTML from being entered into database via a text field

Thread began 11/17/2009 12:04 pm by ijk76319396 | Last modified 11/18/2009 11:09 am by ijk76319396 | 1275 views | 8 replies |

ijk76319396


I need to prohibit the entry of HTML into my database by users to my website. Right now they can enter HTML into a text area I use as a comment box then it shows up when the record is displayed. I was told about a strip_tags function but I don't know exactly where to place it. Is there a function in Data Assist that does this automatically?


Jimmy Wu

You can run strip_tags on the value being inserted into the database. So whatever is being inserted, you can call strip_tags on it right before it's getting inserted.


ijk76319396

This is the value I have going into the database


<?php echo ((isset($_POST["commentsbox"]))?$_POST["commentsbox"]:""); ?>


Where exactly do I put the strip_tags and how should it look?


Jimmy Wu

You would put the call around the second $_POST["commentsbox"] in that line of code.


ijk76319396

This is the code I am typing into the source that Data Assist generates

((isset($_POST["commentsbox"]))strip_tags ((?$_POST["commentsbox"]:""))

Obviously I am making an error because I am getting the 'unexpected T_string' error.


Dave Buchholz (Beta Tester)

You have too many ")"; your code should look like this:

((isset($_POST["commentsbox"]))strip_tags (?$_POST["commentsbox"]:""))

ijk76319396

I entered that code and now I get the error

Parse error: parse error, unexpected T_STRING in C:\Inetpub\vhosts\comicracy.ieasysite.com\httpdocs\0111\6-cc.php on line 127

Here is the full block of code that Data Assist Generates with the strip tags added

<?php
// WA Application Builder Insert
if (isset($_POST["submit"])) // Trigger
{
    $WA_connection = $con2com;
    $WA_table = "comments";
    $WA_sessionName = "comments_ID";
    $WA_redirectURL = "../messagesent.php";
    $WA_keepQueryString = true;
    $WA_indexField = "ID";
    $WA_fieldNamesStr = "USERNAME|COMMENTER|PAGE|COMMENTS|USERIDENT|COMMIDENT";
    $WA_fieldValuesStr = "".$row_Recordset1['username'] ."" . "|" . "".((isset($_POST["COMMENTORNAME"]))?$_POST["COMMENTORNAME"]:"") ."" . "|" . "".((isset($_POST["website"]))?$_POST["website"]:"") ."" . "|" . "".((isset($_POST["commentsbox"]))strip_tags (?$_POST["commentsbox"]:"")) ."" . "|" . "".$row_Recordset1['ID'] ."" . "|" . "".((isset($_POST["ICON"]))?$_POST["ICON"]:"") ."";
    $WA_columnTypesStr = "',none,''|',none,''|',none,''|',none,''|',none,''|',none,''";
    $WA_fieldNames = explode("|", $WA_fieldNamesStr);
    $WA_fieldValues = explode("|", $WA_fieldValuesStr);
    $WA_columns = explode("|", $WA_columnTypesStr);
    $WA_connectionDB = $database_con2com;
    mysql_select_db($WA_connectionDB, $WA_connection);
    if (!session_id()) session_start();
    $insertParamsObj = WA_AB_generateInsertParams($WA_fieldNames, $WA_columns, $WA_fieldValues, -1);
    $WA_Sql = "INSERT INTO `" . $WA_table . "` (" . $insertParamsObj->WA_tableValues . ") VALUES (" . $insertParamsObj->WA_dbValues . ")";
    $MM_editCmd = mysql_query($WA_Sql, $WA_connection) or die(mysql_error());
    $_SESSION[$WA_sessionName] = mysql_insert_id();
    if ($WA_redirectURL != "") {
        if ($WA_keepQueryString && $WA_redirectURL != "" && isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] !== "" && sizeof($_POST) > 0) {
            $WA_redirectURL .= ((strpos($WA_redirectURL, '?') === false)?"?":"&").$_SERVER["QUERY_STRING"];
        }
        header("Location: ".$WA_redirectURL);
    }
}
?>


Dave Buchholz (Beta Tester)

Apologies, the code should read:

((isset($_POST["commentsbox"]))?(strip_tags($_POST["commentsbox"])):"")

ijk76319396

That did the trick. Thank you very much!
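
An added example, not part of the original thread or of WebAssist's generated code: it wraps the thread's final `strip_tags` expression in a function and pairs it with output encoding at display time, because `strip_tags` leaves quotes and ampersands in the stored value. The helper names `clean_comment` and `render_comment` and the sample submissions are constructed for illustration.

```php
<?php
// Added example. clean_comment() and render_comment() are hypothetical helper
// names; "commentsbox" is the form field from the thread.

// Input side: the thread's fix, isset(...) ? strip_tags(...) : "", as a function.
function clean_comment(array $post, string $field = 'commentsbox'): string
{
    // A missing field, or an array submitted as commentsbox[]=x, becomes "".
    // strip_tags() only accepts strings, so the type check must come first.
    if (!isset($post[$field]) || !is_string($post[$field])) {
        return '';
    }
    return trim(strip_tags($post[$field]));
}

// Output side: encode the stored value when the record is displayed.
// ENT_QUOTES encodes both quote styles, so the value is also safe inside
// a quoted HTML attribute.
function render_comment(string $stored): string
{
    return nl2br(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    'markup'  => ['commentsbox' => 'Great <b>issue</b>! <script>alert(1)</script>'],
    'quotes'  => ['commentsbox' => 'She said "hi" & left'],
    'compare' => ['commentsbox' => 'I think 3 < 5 and 5 > 3'],
    'array'   => ['commentsbox' => ['x']],
    'missing' => [],
];

foreach ($samples as $name => $post) {
    $stored = clean_comment($post);
    printf("%-8s stored: %s\n         html:   %s\n",
        $name, $stored, render_comment($stored));
}
```

Run it with the PHP command-line interpreter and compare the `stored` and `html` lines for each sample; the `quotes` case shows what still needs encoding after `strip_tags` has run.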
