PHP Input Filtering

There are a hundred and one ways to filter data in PHP. Let's have a run through some of them.

strip_tags()
This function removes HTML tags from a string: for example ‘hello world’ wrapped in tags becomes plain ‘hello world’. Sounds great, eh? Unfortunately it’s not a perfect solution. For example, the contents of a pair of SCRIPT or STYLE tags would not get stripped out; only the tags themselves would be removed. You would therefore get a load of style and/or script written out on the page as visible text. Apparently if you put a BR in between a pair of A tags it can cause issues (although I’ve just tried to duplicate this and it seems to work all right). It can also join words together by removing the tags that were in between them.
To get around this problem you should remove any text that should be invisible (i.e. inside SCRIPT and STYLE tags) and insert BR tags before and after block elements. A good example of this can be found here.
PHP Manual Page

An example:

<?php
// Input containing tags we want to keep (b, i, br), a link, and invisible
// style/script content that strip_tags() will NOT remove.
$bad = '<b>bold text</b><i>italic text</i><a href="#">link over two <br> lines goes here</a><style>body { background-color: #FF0000;</style><script>alert("muaahahahahaa!!!");</script>';
// Second argument: tags that are allowed to survive.
$good = strip_tags($bad, '<b><i><br>');
echo $good;

The above code would produce (as rendered by the browser; the allowed B, I and BR tags are kept in the output, everything else is stripped but its text content remains):

bold textitalic textlink over two
lines goes herebody { background-color: #FF0000;alert("muaahahahahaa!!!");
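The following is an added example, not code from the original post, of the fix described above: drop the contents of SCRIPT and STYLE elements first, turn block-level elements into line breaks so words are not glued together, and only then call strip_tags(). The helper name strip_tags_safely() and the list of block elements are my own choices, and the sample input is constructed.

```php
<?php
// Added example (not from the original post): strip tags, but first remove
// the invisible contents of SCRIPT and STYLE elements and insert line breaks
// around block-level elements so adjacent words do not run together.

function strip_tags_safely(string $html, string $allowed = '<b><i><br>'): string
{
    // 1. Remove SCRIPT and STYLE elements *including* their contents.
    //    /is = case-insensitive, dot matches newlines; the lazy .*? stops at
    //    the first matching closing tag (\1 refers back to script|style).
    $html = preg_replace('#<(script|style)\b[^>]*>.*?</\1\s*>#is', '', $html);

    // 2. Replace opening and closing tags of common block-level elements with
    //    a BR so that text from neighbouring blocks keeps a visible break.
    $block = 'p|div|h[1-6]|li|ul|ol|tr|td|th|blockquote|pre|table';
    $html = preg_replace('#</?(' . $block . ')\b[^>]*>#i', "<br>\n", $html);

    // 3. Finally strip everything except the allowed tags.
    return strip_tags($html, $allowed);
}

// Constructed sample input: same shape as the post's example plus two
// paragraphs to show the word-joining problem.
$bad = '<b>bold text</b><i>italic text</i><a href="#">link over two <br> lines goes here</a>'
     . '<style>body { background-color: #FF0000; }</style>'
     . '<script>alert("muaahahahahaa!!!");</script>'
     . '<p>first paragraph</p><p>second paragraph</p>';

echo "Plain strip_tags():\n" . strip_tags($bad, '<b><i><br>') . "\n\n";
echo "strip_tags_safely():\n" . strip_tags_safely($bad) . "\n";
```

With plain strip_tags() the style rule and the alert() text survive as visible page text and "first paragraphsecond paragraph" runs together; with strip_tags_safely() the script and style bodies are gone and each paragraph ends in a line break. Two caveats: regular expressions are not an HTML parser, so this is a clean-up step for mostly well-formed markup rather than a full sanitizer (for untrusted HTML use a purpose-built library such as HTML Purifier), and strip_tags() keeps the attributes of any tag you allow, so the allowed list should only contain tags whose attributes you also strip or validate separately.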

htmlspecialchars()
When writing text out from PHP/MySQL to an HTML page you need to be aware of HTML’s special characters. Certain characters are considered special by HTML and will produce odd results or errors if used incorrectly. These characters should be replaced with their corresponding HTML codes (character entities). An HTML code consists of an & followed by some letters or numbers and ended with a ;. For example an ampersand (&) on its own will cause a validation error (because the renderer will see the & and expect an HTML code). Instead of the symbol “&”, the HTML code &amp; should be used. For more about HTML characters, ask the google.
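An added example, not from the original post, showing htmlspecialchars() applied at the point where text is written into HTML. It places the bare call (the weak form, whose default flags depend on the PHP version) next to a call with explicit flags and charset, and runs both over a few constructed inputs, one per special character. The helper names escape_weak() and escape_html() are my own.

```php
<?php
// Added example (not from the original post): escaping text for output into
// an HTML page with htmlspecialchars().

// Weak form: default flags and no explicit charset. Before PHP 8.1 the default
// was ENT_COMPAT | ENT_HTML401, which leaves single quotes untouched; that
// matters when a value lands inside a single-quoted attribute.
function escape_weak(string $text): string
{
    return htmlspecialchars($text);
}

// Recommended form: encode both quote styles, replace invalid UTF-8 sequences
// with U+FFFD instead of returning an empty string, and name the charset.
function escape_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs, one per special character.
$samples = [
    'Fish & Chips',        // & -> &amp;
    '<b>not bold</b>',     // < and > -> &lt; and &gt;
    'He said "hello"',     // " -> &quot;
    "It's",                // ' -> &apos; with ENT_QUOTES | ENT_HTML5
];

foreach ($samples as $s) {
    printf("%-18s weak: %-32s safe: %s\n", $s, escape_weak($s), escape_html($s));
}

// Building a page fragment: every value that came from the user or the
// database is escaped as it is written, whether it goes into element text or
// into an attribute value.
$company = "O'Brien & Sons";
echo '<input type="text" name="company" value="' . escape_html($company) . '">' . "\n";
echo '<p>Welcome, ' . escape_html($company) . "</p>\n";
```

The point of the table is that escaping is a property of the output context, not of the stored data: keep the raw text in the database and call escape_html() (or htmlspecialchars() with the same flags) wherever that text is placed into HTML. Values that go into JavaScript, URLs or CSS need their own, different encoding; htmlspecialchars() only covers the HTML text and attribute contexts.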

Had more to add but ran out of time…watch this space…

About Mr Chimp

I make music, draw pictures, browse the internet, programme, and make sweet, sweet cups of tea until the early hours.