Hi friends,
In my php form I just blocked the sql injection by adding below into my processing page $comment=mysql_real_escape_string($_POST['comment']); But I need to add "Richtext format in My Form ( Ie BOLD, ITALICS and UNDERLINE ).
Now I just want to enable only these in my processing page ( Only <b>,</b>,<u>,</u>,<i>,</i>).
Please advise me how to do this..
Thanks in advance
Rajeesh
mysql_real_escape_string escapes only following characters to prevent sql injection,
\x00, \n, \r, \, ', " and \x1a.
You can use strip_tags to add particular tags to your processing comment.
strip_tags($_POST['comment'], '<u></u><i></i><b></b>'); // Allow <u></u><i></i><b></b>Thank you for your kind reply ......
I will go through it
Once again thanks
mysql_real_escape_string escapes only following characters to prevent sql injection,
\x00, \n, \r, \, ', " and \x1a.You can use strip_tags to add particular tags to your processing comment.
strip_tags($_POST['comment'], '<u></u><i></i><b></b>'); // Allow <u></u><i></i><b></b>
Thank you for the POST...!!!
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.