8 replies
I have a site I am attempting to fine tune some third party code for. I want user profiles to be cleaner and so will need to allow some kind of HTML when users put them together. The code uses the following.

$username = $info2['provider_username'];
$joined = $info2['provider_joined'];
$name = strip_tags(stripslashes(substr($info2['provider_name'],0,200)));
$price = $info2['provider_price'];
$profile = strip_tags(stripslashes(substr($info2['provider_profile'],0,2000)));
$types2 = explode(',', $info2['provider_types']);
$pictype = $info2['provider_pictype'];

I believe the bolded line is what I need to address. How can I modify this to allow a few tags like <BR> and <P>?
#stripstring
  • wayfarer
    the second argument for strip_tags is the allowed tags. See the documentation: strip_tags

    However, if this is being used on user supplied input, it is a very very bad idea to allow tags this way, because the strip_tags function has a fatal flaw: it will allow any attributes whatsoever to be added to the tags that are allowed. This is bad because users shouldn't be able to add stuff like onclick, onmouseover, etc, or else they'd be able to inject any script they want into the page. It is therefore advisable that you take a more robust approach. Here's a function I use:

    PHP Code:
    function strip_tags_attributes($string, $allowtags = '', $allowattributes = '') {
        $string = strip_tags($string, $allowtags);
        if (!empty($allowtags)) { // if no tags are allowed, all attributes are stripped anyway
            if (!is_array($allowattributes))
                $allowattributes = explode(",", $allowattributes);
            if (is_array($allowattributes))
                $allowattributes = implode(")(?<!", $allowattributes);
            if (strlen($allowattributes) > 0)
                $allowattributes = "(?<!" . $allowattributes . ")";
            $char = (strlen($allowattributes) > 0) ? '[^ =\'"]*' : ' ?[^ =]*';
            // Matches every name=value pair whose name is not in the allowed list.
            $pattern = '/' . $char . $allowattributes . '=("[^"]*"|\'[^\']*\'|[^>]*)/i';
            // A closure replaces create_function(), which was removed in PHP 8.0.
            $string = preg_replace_callback("/<[^>]*>/i", function ($matches) use ($pattern) {
                return preg_replace($pattern, "", $matches[0]);
            }, $string);
        }
        return $string;
    }

    Use it like this:

    PHP Code:
      $safe_string = strip_tags_attributes($unsafe_string, '<br>');
    This will allow the "<br>" tag, but not allow any attributes. To allow some attributes, do something like this:

    PHP Code:
      $safe_string = strip_tags_attributes($unsafe_string, '<br><a>', 'style,href');
    Signature
    I build web things, server things. I help build the startup Veenome. | Remote Programming Jobs
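The attribute problem described in the post above, next to an escape-first alternative, as an added example that is not code from the thread. `render_profile()` and the sample input are hypothetical names and values constructed for illustration.

```php
<?php
// Added example, not code from the thread. render_profile() and $input are
// hypothetical, constructed for illustration.

// Constructed sample: an allowed tag carrying an event handler, plus a script tag.
$input = "Hello<br>\n<p onclick=\"alert(1)\">About me</p><script>x()</script>";

// strip_tags() removes the <script> tags but keeps the allowed <p>
// together with its onclick attribute.
$weak = strip_tags($input, '<br><p>');

/**
 * Escape everything, then re-enable only bare, attribute-free allowed tags.
 * Anything that is not exactly <br>, <br/>, <br />, <p> or </p> stays escaped
 * and is shown to visitors as literal text instead of being parsed as markup.
 */
function render_profile(string $raw, int $maxLen = 2000): string
{
    // substr() may cut a multibyte character in half; ENT_SUBSTITUTE replaces
    // the resulting invalid sequence instead of returning an empty string.
    $text = substr($raw, 0, $maxLen);
    $escaped = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // After escaping, a bare tag has the exact shape &lt;p&gt; or &lt;br&gt;.
    // A tag with attributes does not match and therefore stays escaped.
    $escaped = preg_replace('~&lt;(/?)p&gt;~i', '<${1}p>', $escaped);
    $escaped = preg_replace('~&lt;br\s*/?&gt;~i', '<br>', $escaped);

    // Plain newlines typed by the user become line breaks as well.
    return nl2br($escaped, false);
}

echo $weak, "\n";
echo render_profile($input), "\n";
```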
  • Paul Novak
    Rats. Was hoping for something simple a novice like myself could simply add to make this work. Already been to the link you added. Tried several variations but all I get are errors. Oh well. As it is, user profiles are just one long block of text without break.
    • wayfarer
      Originally Posted by Paul Novak

      Rats. Was hoping for something simple a novice like myself could simply add to make this work. Already been to the link you added. Tried several variations but all I get are errors. Oh well. As it is, user profiles are just one long block of text without break.

      It's not that hard, just define the function and use it instead of strip_tags.

      I see WF messed up my code though, I'll fix it.
  • andreasnrb
    You can use Download kses - PHP HTML/XHTML filter from SourceForge.net to do what you want. Kses is what WordPress uses to strip unwanted HTML.
    The zip contains examples etc. The readme contains a short code snippet which does what you need to do.
  • wayfarer
    The other thing you could try, if all you want to do is turn newlines into <br> tags, is this:

    PHP Code:
    $profile = strip_tags(stripslashes(substr($info2['provider_profile'],0,2000)));
    $profile = str_replace("\n", '<br>', $profile);
    This will replace all occurrences of newlines with BR elements.
    • Tashi Mortier
      Or you could simply use nl2br().

      Code:
      ...
       = nl2br();
      Okay, it seems like WarriorForum doesn't like certain PHP code.

      $profile = nl2br($profile);

      that's what should be in the Box above.
      Signature

      Want to read my personal blog? Tashi Mortier

      • wayfarer
        Originally Posted by Tashi Mortier

        Or you could simply use nl2br().

        Code:
        ...
         = nl2br();
        Okay, it seems like WarriorForum doesn't like certain PHP code.

        $profile = nl2br($profile);

        that's what should be in the Box above.

        forgot about nl2br()...

        to fix WF messed up PHP code, go into advanced mode, go to the bottom, and deselect all the options (except for "show signature"). Those options are messing up PHP highlighting.
  • Paul Novak
    Works perfect Wayfarer. Thanks 10,000 times.