[plug] Stripping out Markups in SQL
Lyndon Kroker
ljkroker at netvigator.com
Sat Sep 14 17:19:15 WST 2002
You may want to consider the use of PHP as there is a custom function for
this. PHP can be imbedded into the text of an html document if required.
The function is called strip_tags(). Here is an example:
$string = strip_tags($string, '<a><b><i><u>');
The tags supplied in the second argument are the _allowable_ tags, and you
can enter whatever tags you want to allow.
<?php
$query = "SELECT myhtmlstuff FROM mytable";
$result = mysql_query($query) or
die (mysql_error());
$row = mysql_fetch_array($result);
$my_html = $row[myhtmlstuff];
// allow bold, undreline and italic
$stripped_html = strip_tags($my_html, '<b><u><i>');
// output to screen
echo $stripped_html;
?>
To make the script more secure the variables should be initialized. Amoung
other things this will help stop variables from being passed via a URL.
If you want to read more about this fuction just http://www.php.net/ followed
by the function name. For example:
http://www.php.net/strip_tags
Hope this helps,
Lyndon
More information about the plug
mailing list