CodeIgniter Forums
There has got to be a better way to do this (Input Handling/Tag stripping) - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: There has got to be a better way to do this (Input Handling/Tag stripping) (/thread-11199.html)



There has got to be a better way to do this (Input Handling/Tag stripping) - El Forum - 08-29-2008

[eluser]awpti[/eluser]
Right now, when I run through validation, before I do my insert I run almost all input through htmlentities as such;
Code:
$input_data = array
(
    'job_passphrase'        => $this->input->post('job_passphrase'),
    'job_edit_key'          => md5($this->input->post('passphrase').date('U')),
    'job_company'           => htmlentities($this->input->post('job_company')),
    'job_location'          => htmlentities($this->input->post('job_location')),
    'job_website'           => htmlentities($this->input->post('job_website')),
    'job_email'             => $this->input->post('job_email'),
    'job_title'             => htmlentities($this->input->post('job_title')),
    'job_category'          => $this->input->post('job_category'),
    'job_description'       => htmlentities($this->input->post('job_description')),
    'job_to_apply'          => $fixed_apply,
    'job_to_apply_type'     => $to_apply_type
);

This doesn't seem terribly elegant or intelligent. I really don't want any HTML at all inside of a post. I'd rather strip the tags and leave the content intact without heavy usage of regular expressions - but I doubt there is a way to avoid regex. None that I can think of anyway.

How do you handle form input if you don't want any html in the body of the content?

I'm trying to push out version 2.0 of IgnitedJobs (and I have no idea why - it's not ever going to get any usage. Good ol' catch 22. No traffic due to no posts, no posts because of no traffic.


There has got to be a better way to do this (Input Handling/Tag stripping) - El Forum - 08-29-2008

[eluser]plainas[/eluser]
I would use htmlspecialchars() instead. If you use UTF-8 there's no need for htmlentities() as all those entities are already avialable in Unicode's UTF-8.

If you run a string through htmlspecialchars() you can safely display it. All < > and / will be parsed into their entity so you're sure no html is parsed by the browser.

But it sounds to me that you're looking for something like this instead:
http://se2.php.net/strip-tags

Also, since you're passing a lot of functions through the same function the array_map() function might come in
http://se2.php.net/array_map

remember you can pipe any php function that accepts one argument throug your validation class.
Check the manual where it shows how to prep data:
http://ellislab.com/codeigniter/user-guide/libraries/validation.html


There has got to be a better way to do this (Input Handling/Tag stripping) - El Forum - 09-08-2008

[eluser]@li[/eluser]
Just do
Code:
$_POST=array_map('htmlentities',$_POST);

to have the entire $_POST array htmlentities()ed