-
Jun 16th, 2007, 02:01 AM
#1
Thread Starter
Frenzied Member
[RESOLVED] Remove HTML from string
Hi all,
I'm currently building a guestbook, where all content is put in a database and retrieved upon request. The simple thing.
Now, to prevent people from putting scripts etc. into my webpage, I'd like to know whether there is an easier way to remove that instead of hard-coding a line for each HTML element I can find.
Any suggestions?
Delete it. They just clutter threads anyway.
-
Jun 16th, 2007, 09:30 AM
#2
Re: Remove HTML from string
-
Jun 16th, 2007, 09:59 AM
#3
Thread Starter
Frenzied Member
Re: Remove HTML from string
Nice, that's exactly it.
Thanks
-
Jun 18th, 2007, 09:12 AM
#4
Frenzied Member
Re: [RESOLVED] Remove HTML from string
Nice, why did no one tell me about this and let me use that htmlentities forever, which eats up my MySQL space lol... j/k
-
Jun 18th, 2007, 12:25 PM
#5
Re: [RESOLVED] Remove HTML from string
 Originally Posted by vbbit
Nice, why did no one tell me about this and let me use that htmlentities forever, which eats up my MySQL space lol... j/k
Both functions do totally different things. You shouldn't apply the htmlentities function to data you intend to save in a database anyway.
-
Jun 18th, 2007, 02:02 PM
#6
Fanatic Member
Re: [RESOLVED] Remove HTML from string
 Originally Posted by visualAd
You shouldn't apply the htmlentities function to data you intend to save in a database
Why is that?
Never argue with fools, they will only drag you down to their level, and beat you with experience.
Q: How do you tell an experienced hacker from a novice?
A: The latter thinks there's 1000 bytes in a kilobyte, while the former is sure there's 1024 meters in a kilometer
-
Jun 18th, 2007, 02:33 PM
#7
Re: [RESOLVED] Remove HTML from string
You should apply it before you display it. The database should contain the raw data only.
-
Jun 18th, 2007, 02:47 PM
#8
Fanatic Member
Re: [RESOLVED] Remove HTML from string
But then you have to apply it every time, instead of just once before you store it...
-
Jun 18th, 2007, 03:01 PM
#9
Re: [RESOLVED] Remove HTML from string
Indeed; then again if you only ever intend to display it as HTML it is better to store it in the database escaped.
It's best however to keep the data as atomic as possible within the database. It may in some cases be beneficial to store the escaped version of the string too.
-
Jun 18th, 2007, 03:08 PM
#10
Re: [RESOLVED] Remove HTML from string
Data in a database should not contain content pertinent to any specific presentation of said data.
For example, this forum saves posts as they are typed. It does however apply several transformations such as parsing BBcode and applying htmlentities() before displaying the posts. (The resultant HTML is then also saved into the database, but that's purely for caching purposes—it doesn't replace the raw data.)
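
The store-raw, escape-on-display approach described in the post above, as an added example that is not part of the original thread or any poster's code. It assumes the pdo_sqlite extension, with an in-memory table standing in for the MySQL database; the table name and the functions `add_entry`, `h`, `render_html` and `render_json` are hypothetical.

```php
<?php
// Added example: a guestbook that stores raw input and escapes at display time.
// Assumes pdo_sqlite; the in-memory table stands in for the thread's MySQL
// database. Table and function names are hypothetical.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Store exactly what was typed. The prepared statement takes care of SQL
// quoting; no HTML transformation happens on the way in.
function add_entry(PDO $db, string $author, string $body): void
{
    $stmt = $db->prepare('INSERT INTO guestbook (author, body) VALUES (?, ?)');
    $stmt->execute([$author, $body]);
}

// Escape for the HTML context only at the moment of output.
function h(string $raw): string
{
    return htmlentities($raw, ENT_QUOTES, 'UTF-8');
}

function render_html(PDO $db): string
{
    $out = '';
    foreach ($db->query('SELECT author, body FROM guestbook ORDER BY id') as $row) {
        $out .= '<p><b>' . h($row['author']) . '</b>: ' . h($row['body']) . "</p>\n";
    }
    return $out;
}

// A second presentation of the same rows. JSON has its own encoding rules and
// would carry stray HTML entities if the table held pre-escaped text.
function render_json(PDO $db): string
{
    $rows = $db->query('SELECT author, body FROM guestbook ORDER BY id')
               ->fetchAll(PDO::FETCH_ASSOC);
    return json_encode($rows, JSON_HEX_TAG | JSON_HEX_AMP);
}

// Constructed sample input.
add_entry($db, 'Tom & Jerry', 'Nice site! <script>alert(1)</script>');

echo render_html($db);        // markup in the entry is shown as inert text
echo render_json($db), "\n";  // same raw rows, encoded for a different context

// Escaping once at store time and again at display time double-encodes,
// so visitors would see literal entity text on the page.
echo h(h('Tom & Jerry')), "\n";
```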
-
Jun 18th, 2007, 03:57 PM
#11
Frenzied Member
Re: [RESOLVED] Remove HTML from string
My webpage stores whatever the user types into the database, but I use the htmlentities before I display it, just like the way this forum works.
-
Jun 19th, 2007, 12:21 AM
#12
Fanatic Member
Re: [RESOLVED] Remove HTML from string
Ok, thanks guys, I'll keep that in mind