strip_tags足以从字符串中删除HTML?

时间:2022-08-27 17:03:44

The site user can sign-up on a site, and during sign-up he can provide a name.

站点用户可以在站点上注册,并且在注册期间他可以提供名称。

I want this name to be a valid name, and free of any HTML and other funky characters. Is strip_tags enough for this?

我希望这个名字是一个有效的名字,没有任何HTML和其他时髦的角色。 strip_tags足够吗?

2 个解决方案

#1


4  

I find that there's no single function for idiot-proofing user inputs. Best to mix a few together:

我发现没有单一的功能可以防止用户输入白痴。最好混合几个:

$val = trim($val);
$val = strip_tags($val);
$val = htmlentities($val, ENT_QUOTES, 'UTF-8'); // convert funky chars to html entities
$pat = array("\r\n", "\n\r", "\n", "\r"); // remove returns
$val = str_replace($pat, '', $val);
$pat = array('/^\s+/', '/\s{2,}/', '/\s+\$/'); // remove multiple whitespaces
$rep = array('', ' ', '');
$val = preg_replace($pat, $rep, $val);
$val = trim($val);
$val = mysql_real_escape_string($val); // excellent final step for MySQL entry

#2


1  

Regex could fit well with less code:

正则表达式可以很好地适应更少的代码:

^[A-Z]'?[- a-zA-Z]( [a-zA-Z])*$

^ [A-Z]'?[ - a-zA-Z]([a-zA-Z])* $

Here we have good examples:

这里我们有很好的例子:

Regex for names

正则表达式的名称

#1


4  

I find that there's no single function for idiot-proofing user inputs. Best to mix a few together:

我发现没有单一的功能可以防止用户输入白痴。最好混合几个:

$val = trim($val);
$val = strip_tags($val);
$val = htmlentities($val, ENT_QUOTES, 'UTF-8'); // convert funky chars to html entities
$pat = array("\r\n", "\n\r", "\n", "\r"); // remove returns
$val = str_replace($pat, '', $val);
$pat = array('/^\s+/', '/\s{2,}/', '/\s+\$/'); // remove multiple whitespaces
$rep = array('', ' ', '');
$val = preg_replace($pat, $rep, $val);
$val = trim($val);
$val = mysql_real_escape_string($val); // excellent final step for MySQL entry

#2


1  

Regex could fit well with less code:

正则表达式可以很好地适应更少的代码:

^[A-Z]'?[- a-zA-Z]( [a-zA-Z])*$

^ [A-Z]'?[ - a-zA-Z]([a-zA-Z])* $

Here we have good examples:

这里我们有很好的例子:

Regex for names

正则表达式的名称