Forums

WordPress › Support » Miscellaneous

How can I remove html attributes in php? (4 posts)

  1. omgwtf
    Member
    Posted 8 years ago #

    Hi,

    I'm fairly new to php and I have some problems. I made a form. It enters data into mysql. I did that successfully. Now, showing stuff from mysql is what I'm having problems with.
    How can I remove bad html like <A HREF=""onMouseOver="document.bgColor='black'">Black. I have no problems with <a href="bla"></a>but I dont want onclick, onmouseover or any other javascript.

    My current code is

    -----------------------------------<br />
    $querytext = "SELECT text_change FROM textpad LIMIT 1";<br />
    $textyresult = mysql_query ($querytext);<br />
    while ($row = mysql_fetch_assoc ($textyresult)) {

    $text_change = strip_tags ($row['text_change'], '<a><b><i><u><strike>');

    echo $text_change;<br />
    -----------------------------------------

    strip_tags seems to only remove html tags and not attributes. Anything similar?

  2. omgwtf
    Member
    Posted 8 years ago #

    Ok, I think I got it.
    $bullshittags = array("javascript:", "onclick", "ondblclick", "onmousedown", "onmouseup", "onmouseover", "onmousemove", "onmouseout", "onkeypress", "onkeydown", "onkeyup", "onMouseOver");
    $textpad_clean = str_replace($bullshittags, "", "$text_change");

    But, it seems to take the array case-sensitive.

  3. omgwtf
    Member
    Posted 8 years ago #

    I feel like an idiot now:
    http://www.php.net/strip_tags

  4. sunshine
    Member
    Posted 8 years ago #

    WordPress includes kses, so you could also make use of that.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.