PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

AJAX and PHP Part 2: XML Communication/Processing
Validating PHP User Sessions
Open Source Databases: As the Tables Turn
Graphing with PHP and GD
An Introduction to Web Services with PHP: Part 2

[PHP] RE: html in my form? bad things! help help help! From: Ray Dow (ray <email protected>)
Date: 07/16/01

Next message: zerosumzero <email protected>: "Re: [PHP] RE: html in my form? bad things! help help help!"
Previous message: Adrian D'Costa: "[PHP] Re: REGEXP"
Next in thread: zerosumzero <email protected>: "Re: [PHP] RE: html in my form? bad things! help help help!"
Reply: zerosumzero <email protected>: "Re: [PHP] RE: html in my form? bad things! help help help!"
Maybe reply: Ray Dow: "RE: [PHP] RE: html in my form? bad things! help help help!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Everything removed by strip_tags(), including <a href="somelink>click me</a>
(you original example)

See the problem?

> -----Original Message-----
> From: zerosumzero <email protected> [mailto:zerosumzero <email protected>]
> Sent: Monday, 16 July 1979 3:46 PM
> To: Ray Dow; php-general <email protected>
> Subject: Re: html in my form? bad things! help help help!
>
>
> on 7/16/01 1:47 AM, Ray Dow at ray <email protected> wrote:
>
> > Try a different format that is also easier for the users to
> type. For
> > example; <a http://somesite.com>Click me!</a> and then convert that
> > string OR
> > [link:http://somesite.com]Click me![link]
> >
> > NEVER let users type HTML straight into a form box, its way
> too easy
> > to screw up your entire site.
> >
> > (Just for starters i could use <iframe> to embed anything into the
> > page, document.location is another great example of why you
> should use
> > a different
> > system)
> >
>
>
> iframe removed by strip_tags(); isn't it?
>
>
> --
> susan <email protected>
> http://futurebird.diaryland.com
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe <email protected>
For additional commands, e-mail: php-general-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

Next message: zerosumzero <email protected>: "Re: [PHP] RE: html in my form? bad things! help help help!"
Previous message: Adrian D'Costa: "[PHP] Re: REGEXP"
Next in thread: zerosumzero <email protected>: "Re: [PHP] RE: html in my form? bad things! help help help!"
Reply: zerosumzero <email protected>: "Re: [PHP] RE: html in my form? bad things! help help help!"
Maybe reply: Ray Dow: "RE: [PHP] RE: html in my form? bad things! help help help!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]