Data entry validation allowing HTML TAG

Asked

Viewed 188 times

4

Need to do a validation, always valid on the client side/JS and server/PHP, and allow the user to type some Tags to format the final result, any tips how to do this? Better use a field of the kind textarea or use an editor?

Some Tags I want to allow:

h1 a h6
<p>
<u>
<strong>
<address>
<strong>

2 answers

4

you can use this native php function strip_tags($texto, $tags_permitidas); for example:

strip_tags("<strong><span class='block'>texto a ser filtrado</span></strong>", '<strong>');

this way the result would be:

<strong>texto a ser filtrado</strong>

for more information see the documentation:

http://php.net/manual/en/function.strip-tags.php

2

I created the function below to save the user data, did some tests and managed to run the filter and save successfully.

function fDescribe() { 
        functions::startSession();
        if($_POST['token'] == $_SESSION['token']) {
            $this->describeC = strip_tags($_POST['textarea'],
             '<h1><h2><h3><h4><h5><h6><p><u><strong><em><address><strong><br><abbr>');

            $this->conn = parent::getCon();                                 
            $this->pQuery = $this->conn->prepare("update table set description=? where user_id=? limit 1"); 
            $this->pQuery->bindParam(1, $this->describeC);
            $this->pQuery->bindParam(2, $_SESSION['id']);
            $this->result = $this->pQuery->execute();
            unset($this->conn); 
            if($this->result == true) {
                functions::generateJsonMsg('success', null, null, null, null);
                exit();
            } else  {
                functions::generateJsonMsg('fault', 'queryFault', null, null, null);
                exit();
            }                               
    } else 
        return false;   
}

Browser other questions tagged

You are not signed in. Login or sign up in order to post.