Searching a string for HTML tags
Posted by Mesiah (Mesiah), 18 December 2002Im new to php, and havnt found any decent tutorials, and was wondering if anybody would lend me a hand.
I need to search a string for html tags (which i can just put in an array or something), and when it finds them, exit the script.
I have this, but im not sure if the syntax is right, i suck at this, its my second day :-P
Please help me, somebody, anybody...
Posted by admin (Graham Ellis), 18 December 2002I think that preg_match_all should do it for you:
where your input string is in the variable $in, and $out is the resulting array of tags that you're looking for.
If you're looking to do something in PHP and think to yourself "surely someone's done this before", they probably have, and there's probably a function to do it ... little problem is that there are so MANY functions that you won'd know which one
If you want to find out more about preg_match_all, go to http://www.php.net and enter the function name in the search box at the top of the page. As well as the page on the function that you've asked for, you'll get links to other similar functions. This is a fantastic resource once you get into it. And please do post further here if my answer doesn't quite sort out your query, or if you have fresh questions.
Posted by Mesiah (Mesiah), 19 December 2002first off, this is one sweet forum, no harassment for me being dumb!
second, i read up on that function, and it shows examples of just taking those out of a string, i wanted it to search the string for those, and exit the entire script if its found, but i might be able to get something from this...
On second thought, how would i exit the script if it finds html tags in the string?
Im sorry, im not really one of those kids who beg people to do stuff for them, i have the dedication to learn, i just have to get this fixed, fast, my site is losing hits
Its the tagboard at the bottom im trying to fix, once i get it fixed, i aint touching nemore php till i learn alot more
Posted by admin (Graham Ellis), 19 December 2002OK - so you're looking to exit from your script if someone enters something that contains tags in it - in other words, you're looking to scrub your data entries clean??
Important point 1: I don't think that you really want to simply exit from the script. If you do, your (malicious) user won't get any answer at all. Rather, I thing that if you get some tags back from your preg_match_all, you should generate a reponse that includes an explanation of why you're not accepting the input.
Important point 2: You probably want to do a rather more thorough filter that just looking for tags. I would recommend the strcspn function to check that the string doesn't contain any characters outside a range you choose - letters, digits, spaces, some punctuation marks, etc.
Important point 3: It looks to me that your site might have political content, and people are liable to put strong views into your form. Have you considered legal aspects if you incorporate their views into your page, moderation, etc? When you joined this forum, you accepted our conditions, and indeed you comment how friendly we keep it here. YOU need to consider such things for YOUR users, and it's not a small issue.
Answering your immediate question, use exit to exit from a script in the middle ... but I am concerned that you're likely to spend a long time playing around with PHP to get this working, as it's a very new area to you. If you have that time - great - if not, you might want to consider getting a programmer friend or local contrtactor or someone to do the job for you; seems a bit silly to learn PHP just for the single use, especially one that's for a time-dependent survey.
PH: 01144 1225 708225 • FAX: 01144 1225 899360 • EMAIL: firstname.lastname@example.org • WEB: http://www.wellho.net • SKYPE: wellho