I have been trying to use the code below to filter out malicious scripts and allow only the tags mentioned in the filter to be used in the WYSIWYG text bar. But when i am inserting the $filter value into the database, nothing is being inserted. In short the $filter is not getting any filtered values to store. I would like to know whether there is any problem in my code?
我一直在尝试使用下面的代码来过滤掉恶意脚本,并且只允许在WYSIWYG文本栏中使用过滤器中提到的标记。但是当我将$ filter值插入数据库时,没有插入任何内容。简而言之,$ filter没有得到任何过滤值来存储。我想知道我的代码中是否有任何问题?
$description = $_POST['name'];
$filter = strip_tags($description,"<p><a><b><ul><li><ol><u><i><h1><h2><h3><h4><h5><h6><br><div><hr><table><tbody><td><tr><tfoot><th><thead><img><strong><em>");
1 个解决方案
#1
Try using htmlentities, which will convert the <> into their HTML entity counterparts
尝试使用htmlentities,它将<>转换为HTML实体对应物
$filter = htmlentities($description);
Another option is to use strip_tags, which would remove the tag entirely
另一种选择是使用strip_tags,它会完全删除标签
$filter = strip_tags($description);
#1
Try using htmlentities, which will convert the <> into their HTML entity counterparts
尝试使用htmlentities,它将<>转换为HTML实体对应物
$filter = htmlentities($description);
Another option is to use strip_tags, which would remove the tag entirely
另一种选择是使用strip_tags,它会完全删除标签
$filter = strip_tags($description);