|
PHP - Allowing Special Chars But No Html?
I would like to allow special characters in my script like:
ஆஇஊஎஐஓ But I don't want to allow HTML like: <b>bold</b> At first I was using htmlentities() when PRINTING OUT (NOT when or before inserting in the query) . Data shows up in MySQL as ᇋᇄᇝᇠᇤᇢᇦ And it was also printed out that way, I'd like to have it translated into it's actual form (ஆஇஊஎஐஓ), yet I don't want <b>bold</b> to be translated as well, I want it to stay <b>bold</b> Is there any way I can do this? I also tried htmlspecialchars() but that didn't do the trick either. If you need script examples let me know. EDIT: To bring it to the point, I want it to be just like in this forum post. The special chars are showing up, and the html is just being printed as <b></b>. Similar TutorialsCode: [Select] <?php $fspec = base64_decode($_GET['q']); if (isset($_POST['content'])) { if (!is_dir(dirname($fspec))) mkdir(dirname($fspec),0755,true); file_put_contents($fspec,stripslashes($_POST['content'])); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Edit template</title> <style type="text/css"> body { background-color:#fff; font-family:arial,verdana; font-size:10pt; } </style> </head> <body> <div style="background-color:#fff;"> <form action="<?php echo $_SERVER["PHP_SELF"].'?q='.base64_encode($fspec); ?>" method="post"> <div><textarea id="markItUp" rows="20" cols="80" name="content"><?php include $fspec; ?></textarea></div> <div> <input type="submit" value="Save" /> <a href="javascript:window.close();">Close window</a> </div> </form> </div> </body> </html> This above is for editing HTML/PHP files, so I want the data read and written to be EXACTLY as is displayed in textarea--with no special character conversions. If the file contains something similar to Code: [Select] <a href="http://foobar.com/index.php?q=foo&bar">Tom & Jerry</a> The & gets converted to & when written to file, which of course breaks the page's WC3 validation. Is it getting converted when passed via POST? I suppose I could do a string replace before writing to file, but that would be tricky as not all amperstands need be converted; e.g., the "Tom & Jerry" above. Am I missing something obvious? Thanks in advance. Hello everyone, how i can insert to the db string that include "$_GET['id']", and i need this as is. in the table i need to see the string $_GET['id'] and not the value. any ideas ? hey, i was wondering how i would make a preg match check for special characters, i would only like to allow an underscore _ and a dash - i'm currently using preg_match("/[^0-9]+$/",$getUser) but thats not working right I was wondering if there was a way to allow users to input there own HTML and CSS in like a members only site using PHP? If so, how would it be done? I let my users to post what they would like as a text, today I noticed that I forgot disabling htlm chars, so they can even post textbox's htlm code and create a textbox in the posting section, Is there any way/function to prevent this ? Hey guys, OK, so actually I have two questions that are kind of related. The first one is how I can allow users to use <i>, <b>, <strong> tags when submitting information in a form. I would like to allow certain tags so they can emphasize things in their text, but I still want to strip the rest for security reasons. I tried using strip_tags() with some exceptions as a second parameter, but as far as I understand, that just allows them to be displayed as text, not for the browser to make text bold for instance. Below is what I have now. function stripdata($data) { return trim(htmlentities(stripslashes($data), ENT_QUOTES)); } echo stripdata($someDataFromMySQL); I also want to ask if the solution above is 100% safe so that users can not submit malicious code that can execute when users' visit a page of mine that displays that code. Thank you in advance. I have this code to pull the first few words from the body text to use as a title. But, when the body contains apostrophe, it shows on my title as '. I found the following code that's supposedly fixes the code. But, I can't figure out how. I need to add this: $return = = htmlspecialchars_decode(token_replace($output, 'node', $node), ENT_QUOTES); Or something similar ... to this: Code: [Select] $limit = 10; $text = $node->body[$node->language][0]['value']; $text = strip_tags($text); $words = str_word_count($text, 2); $pos = array_keys($words); if (count($words) > $limit) { $text = substr( $text, 0, $pos[$limit]); $text = trim( $text ); $text = rtrim( $text, '.' ); $text = trim( $text ) . '...'; } return $text; Thanks in advance. Hey guys, So when I put the following line of php on an html page: Code: [Select] echo '®'; I get the 'Registered' symbol. How do I turn this off? What is happening is that it is part of a longer string that represents an url and the URL is not rendering correctly due to the special character. Thanks I've set up a staging server with Ubuntu 14.04, Apache, PHP, and MySQL, and I'm having a configuration issue that I need to resolve.
index.html uses a server side include. I was required to change the shtml file it references to a php file, but it's not working properly.
When my webpage uses the code:
<?php include ("footer.shtml"); ?>
then the page loads correctly
However, when I change it to:
<?php include ("footer.php"); ?>
then I instead see a message stating,
"This attachment was removed because it contains data that could pose a security risk."
I can't determine which configuration file I need to change, and what the change needs to be.
Hi i've recently moved hosting servers as I had severe lag issues with my shared hosting. Since i've brought a dedicated linux server with apache and php. Since the move i get extra chars with the following code Code: [Select] <?PHP define( "MESSAGE", "Testing Testing 123" ); if(isset($_GET['message'])) { die(MESSAGE); } ?> My application SHOULD receive back "Testing Testing 123" like it used to with my old shared hosting. Instead now it receives the following: Code: [Select] 2f Testing Testing 123 0 And i cannot figure this out for the life of me. I'm expecting something silly to be the cause but would appreciate some guidance on this. Thanks Best method to for the following? Code: [Select] // The following $str1 and $str2 should say they are identical $str1 = "abcDEF"; $str2 = "EcFabD"; // The following $str1 and $str2 should say they are NOT identical because of the "a" "A" case difference. $str1 = "abcDEF"; $str2 = "EcFAbD"; I'm comparing bitvector strings. "ABC" is different than "abc". "abc" is the same as "cba". What's the best php function or method I should use? Thank you. Hey, I've created a messaging system for my site and I'm trying to make it so that a copy of the original message is included and automatically put into the message content box when somebody clicks to reply. I've done this literally just by making the "reply" button into a form which also posts the content of the message from the previous page and puts it into the content box. However I have some issues with it: firstly, wherever ' is used, it becomes \' and wherever " is used, the whole of the rest of the message is blanked out. Can anybody point me in the direction of the solutions I might need to make it so that ' and " both appear normally without cutting the rest of the message off? Thanks in advance & let me know if anything is missing! Would someone tell me how to allow foreign letters, normal english letters and numbers using the preg_replace php function? Hi, I'm looking for a bit of help. I have a record in a MSSQL. I'm using PHP to pull that record. In the record there are the funky square characters for chr(13) and chr(10). In PHP they are totally ignored which means that the record appears on one line. I have tried replacing these with various a numerous characters but no joy. Things like Code: [Select] str_replace(' ', '<br/>', $notes); and Code: [Select] str_replace(chr(10), " ", $notes); Please help Hi, I am writing a PHP program to send SMS using HTTP API gateway. I use cURL to launch the URL. I am getting problems when I send UNICODE chars in the message. I am getting simply square boxes instead of UNICODE chars. When I launch the same URL directly in a browser it works well. Following is the code snippet currently I have. $message = "unicode chars here"; $launch_api = "http://xxxsss.com/send.php?message=".$message."&sender=aaa&to=xxxx&type=2&username=bbbb&password=cccc"; $ch = curl_init(); curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_URL,$launch_api); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $contents = curl_exec ($ch); curl_close ($ch); Could some one please help me what I am missing? |
|||||||