hi everyone,
i wanted to follow up on that post i made last week. what i've done is combined a few code snippets i found on phpbuilder.com and sourceforge into two functions. (oops! sorry i don't have the authors' names on-hand, but i tell you what: they rule like Zuul.)
clean_textarea takes content submitted on a web form and prepares it for entry into a MySQL database. it tries to make the HTML safe and turns e-mail and web addresses into links. dirty_textarea prepares that same block of text for entry back into a web form.
i only have one problem to solve (that i'm aware of): i need to make the clean_textarea function smart enough so that if it comes across an e-mail or web address that already has <a> tags surrounding it, it won't try to add them again. anyone proficient at regex? :-)
here are the functions. if you have any suggestions, do please comment!
function clean_textarea($textarea) {
    /* allows only the tags listed in the approvedtags array
       1 means accept the tag only (<p>)
       2 means accept all qualifiers (<p align="center">) */
    $approvedtags = array(
        "br"=>1,
        "b"=>1,
        "i"=>1,
        "u"=>1,
        "small"=>1,
        "blockquote"=>1,
        "hr"=>1,
        "ol"=>1,
        "ul"=>1,
        "li"=>1,
        "img"=>2 // every attribute on <img> is passed through unchanged
    );
    $keys = array_keys($approvedtags);
    $textarea = stripslashes($textarea);
    // ereg()/eregi() were removed in PHP 7; the preg_* calls below keep the same patterns
    // drop whitespace right after "<" so "< b>" is read as "<b>"
    $textarea = preg_replace("~<[[:space:]]*([^>]*)[[:space:]]*>~i","<\\1>",$textarea);
    $tmp = "";
    while (preg_match("~<([^> ]*)([^>]*)>~i",$textarea,$reg)) {
        $i = strpos($textarea,$reg[0]);
        $l = strlen($reg[0]);
        // substr() rather than $reg[1][0], which raises a warning on an empty tag name ("<>")
        $closing = (substr($reg[1],0,1) == "/");
        if ($closing) { $tag = strtolower(substr($reg[1],1)); }
        else { $tag = strtolower($reg[1]); }
        if (in_array($tag,$keys) && $a = $approvedtags[$tag] ) {
            if ($closing) { $tag = "</$tag>"; }
            elseif ($a == 1) { $tag = "<$tag>"; }
            else { $tag = "<$tag".$reg[2].">"; }
        }
        else { $tag = ""; }
        $tmp.= substr($textarea,0,$i) . $tag;
        $textarea = substr($textarea,$i+$l);
    } //while
    $textarea = $tmp . $textarea;
    //find e-mail and web addresses and give them <a> tags
    //the character in front of the address is captured and put back instead of being replaced by a space
    $textarea = preg_replace("~([^\"])(http://[[:alnum:]#?/&=.,]*)~i", "\\1<a href=\"\\2\">\\2</a>", $textarea);
    $textarea = preg_replace("~(^[a-z]*://[[:alnum:]#?/&=.,]*)~i", " <a href=\"\\1\">\\1</a>", $textarea);
    $textarea = preg_replace("~(([a-z0-9_]|\\-|\\.)+@([^[:space:]]*)([[:alnum:]-]))~i", "<a href=\"mailto:\\1\">\\1</a>", $textarea);
    //block php tags
    $textarea = str_replace("<?","",$textarea);
    //make safe for entry into MySQL
    $textarea = addslashes($textarea);
    //convert new line into <br> (false = plain <br>, the form dirty_textarea removes)
    $textarea = nl2br($textarea, false);
    return $textarea;
}

function dirty_textarea($textarea) {
    $textarea = stripslashes($textarea);
    $textarea = str_replace("<br>", "", $textarea);
    return $textarea;
}
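
One way to handle the case the post asks about, written as an added example that is not part of the original post: split the markup into tags and text runs, and link only text that is not already inside an `<a>` element. `autolink_outside_anchors()` is a hypothetical name, the sample string is constructed, and the function assumes it runs on markup in which `<a>` tags have been kept.

```php
<?php
// Added example; autolink_outside_anchors() is a hypothetical helper name.
function autolink_outside_anchors(string $html): string
{
    // With one capture group, odd indexes are tags and even indexes are text runs.
    $parts = preg_split('~(<[^>]*>)~', $html, -1, PREG_SPLIT_DELIM_CAPTURE);
    $inAnchor = 0; // nesting depth of <a> elements
    $out = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 1) {
            // Tags are copied verbatim, so URLs inside attributes are never rewritten.
            if (preg_match('~^<a[\s>]~i', $part)) {
                $inAnchor++;
            } elseif (preg_match('~^</a\s*>~i', $part)) {
                $inAnchor = max(0, $inAnchor - 1);
            }
            $out .= $part;
            continue;
        }
        if ($inAnchor > 0) { // text that is already the body of a link
            $out .= $part;
            continue;
        }
        // Only http/https URLs and e-mail addresses are linked; other schemes stay plain text.
        $out .= preg_replace_callback(
            '~\bhttps?://[^\s<>"\']+|\b[a-z0-9._-]+@[a-z0-9-]+(?:\.[a-z0-9-]+)+~i',
            function (array $m): string {
                // Keep sentence punctuation that follows the address out of the link.
                $addr = rtrim($m[0], '.,;:!?)');
                $tail = substr($m[0], strlen($addr));
                $isUrl = strpos($addr, '://') !== false;
                // Escape for the attribute and the link text without double-encoding &amp;.
                $safe = htmlspecialchars($addr, ENT_QUOTES, 'UTF-8', false);
                $href = $isUrl ? $safe : 'mailto:' . $safe;
                return '<a href="' . $href . '">' . $safe . '</a>' . $tail;
            },
            $part
        );
    }
    return $out;
}

// Constructed sample input: one bare URL, one URL that is already linked, one bare e-mail address.
$sample = 'see http://example.com/a?b=1, or <a href="http://example.org/">http://example.org/</a>'
        . ' and mail bob@example.com.';
echo autolink_outside_anchors($sample), "\n";
```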
