Dave:
I visited your website. I see that you wish to put the links in the middle
of the text, which I didn't understand before.
Now, if you let your users write tags you are bound to have a substantial
number of them who don't even know what 'tag' means, let alone any
occasional malice.
Perhaps one way to circumvent the problem is to let them write just "link1",
"link2", "link3" in the textarea, and input the link names and urls
separately, e.g like this:
<!-- STEP 1. INPUT FORM -->
<form method= "post" ...>
Dear user: Please include "link1", "link2" ... as placeholders in the text
and the actual linknames and urls in the boxes below:
<textarea ...>thetext</textarea>
Link1:
Linkname<input type="text" name="linkname1" ...>
Url<input type="text" name="url1"><br />
Link2:
Linkname<input type="text" name="linkname2" ...>
Url<input type="text" name="url2"><br />
...
Link10:
Linkname<input type="text" name="linkname10" ...>
Url<input type="text" name="url10"><br />
</form>
// STEP 2 RECEIVE AND VALIDATE THE POSTED VALUES
if(isset($_POST["linkname1"]) && isset($_POST["url1"])
{ // INSERT THE VALUES IN THE DATABASE }
if(isset($_POST["linkname2"]) && isset($_POST["url2"])
{ // INSERT THE VALUES IN THE DATABASE }
...
if(isset($_POST["linkname10"]) && isset($_POST["url10"])
{ // INSERT THE VALUES IN THE DATABASE }
// STEP 3 RETRIEVE (SELECT) THE VALUES FROM THE DB
$linkname1= "thename1"; $url1= "theurl1";
$linkname2= "thename2"; $url2= "theurl2";
...
$linkname10= "thename10"; $url10= "theurl10";
// STEP 4 DEFINE THE STRINGS TO BE DISPLAYED WITH <A> TAGS
$link1= "<a href=\"$url1\">$linkname1</a>
$link2= "<a href=\"$url2\">$linkname2</a>
...
$link10= "<a href=\"$url10\">$linkname10</a>
// SUBSTITUTE THE NEW VARS INSTEAD OF THE PLACEHOLDERS
$thetext= "This is the text to be shown";
$thetext.= substr("link1", $link1)ETC; // CHECK SYNTAX
// THE TEXT WITH THE LINKS INCLUDED
$thetext= "This is the text to be shown, which includes $link1" .
"and then $link2 and last but not least $link10" .
"Blah Blah Blah.";
?>
<!-- STEP 5 WRITE THE DISPLAY -->
<img src="thephoto.jpg">
The text to be shown, with the included links, is this: <?=$thetext?>
Hope this helps.
Alberto Brea
-----Original Message-----
From: Dave <dave@xxxxxxxxxxxxxxx>
To: php-general@xxxxxxxxxxxxx
Date: Sat, 26 Feb 2005 12:27:04 +0900
Subject: Re: [NEWBIE] How to allow for <a href> tags but no others?
> Alberto, John, Jochem, Richard, Tyler,
>
> Thank you for your very helpful advice. So far I'm thinking of
> definitely including some of Tyler's code for doing some filtering,
> along with the other commands mentioned, like strip_tags() for securing
> the input.
>
> However, I would like to ask further about what Alberto was talking
> about in terms of storing the url separately. Someone mentioned that
> "Chris" suggested making my own syntax, but I somehow the response from
> Chris didn't get to me, so I'm not sure what that implies.
>
> Without a doubt, it would be better to save the URL separately, and
> then refuse any other user attempts at hand coded HTML. But the problem
> that I can't quite resolve is how to get separately stored URLs into
> inline text in such a way that a non-HTML literate user could handle.
> Right now I offer the user the option of saving a web link with a
> title separately from the block of text. They can create a user profile
> which looks like this:
> http://www.tokyocomedy.com/people.php?person=7 (Page has Japanese
> text)
> But that's not quite satisfactory. I'm trying to give people the
> option of having profiles that look like this:
> http://www.tokyocomedy.com/people.php?person=11 (Page has
> Japanese
> text)
>
> I can set up the form for users to input multiple URLs, but how can
> I
> then allow them to place them in the desired location in their text?
>
> --
> Dave Gutteridge
> dave@xxxxxxxxxxxxxxx
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
