The solution for this problem (doing it in the manner that you are suggesting) is certainly going to involve preg_replace(). However, this will require you to match only the tags you want to let through (which is always dangerous) and then strip out all of the rest of them. This can be very tricky, to say the least.

A common way that forums deal with this problem is that, rather than letting users create URL links, they create their own "specialized" format for letting users create URLs. For instance:

    [url=http://somesite.com/path/to/somepage.php]

This way you can still strip out all < and > characters as well as the text in between them. And now you've limited the problem text to everything inside the pattern [url=*]. You'll still have to look out for MySQL commands, but you've at least limited the problem with tags.

--
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY | http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins
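
The approach described in the message above, as an added PHP example that is not code from the original post: strip everything between < and >, escape the remainder, and only then expand the [url=...] pattern with an http/https allowlist. The function name `render_post`, the optional `[/url]` closing tag, and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: render_post() is a hypothetical helper, not from the post.
// Assumed markup: [url=URL]label[/url], or the bare [url=URL] form.

function render_post(string $input): string
{
    // 1. Remove everything between < and >, then any stray angle brackets.
    $text = (string) preg_replace('/<[^>]*>/', '', $input);
    $text = str_replace(['<', '>'], '', $text);

    // 2. Escape what is left so quotes and ampersands are inert in HTML.
    $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');

    // 3. Only now expand [url=...]; the problem text is limited to this pattern.
    $out = preg_replace_callback(
        '~\[url=([^\]\s]+)\](?:(.*?)\[/url\])?~is',
        function (array $m): string {
            // Undo step 2 for validation, then re-escape for the attribute.
            $url    = htmlspecialchars_decode($m[1], ENT_QUOTES);
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));

            // Allowlist the scheme; anything else is left as plain text.
            if (!in_array($scheme, ['http', 'https'], true)
                || filter_var($url, FILTER_VALIDATE_URL) === false) {
                return $m[0];
            }

            $href  = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            // The label was already escaped in step 2.
            $label = (isset($m[2]) && $m[2] !== '') ? $m[2] : $href;
            return '<a href="' . $href . '" rel="nofollow noopener">' . $label . '</a>';
        },
        $text
    );
    return $out ?? $text; // fall back to the escaped text on a regex error
}

// Constructed sample inputs.
$samples = [
    'See [url=http://somesite.com/path/to/somepage.php]this page[/url]',
    'Bare form: [url=http://somesite.com/path/to/somepage.php]',
    '<script>alert(1)</script>plain text',
    '[url=javascript:alert(1)]click[/url]',
    '[url=http://somesite.com/"onmouseover="x]label[/url]',
];
foreach ($samples as $s) {
    echo render_post($s), "\n";
}
```

Escaping happens before the pattern is expanded, so the only HTML in the output is the anchor tag the callback builds itself; the database side mentioned in the message is a separate concern and is not covered here.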