Welcome Guest, Not a member yet? Register   Sign In
There has got to be a better way to do this (Input Handling/Tag stripping)

Right now, when I run through validation, before I do my insert I run almost all input through htmlentities as such;
$input_data = array
    'job_passphrase'        => $this->input->post('job_passphrase'),
    'job_edit_key'          => md5($this->input->post('passphrase').date('U')),
    'job_company'           => htmlentities($this->input->post('job_company')),
    'job_location'          => htmlentities($this->input->post('job_location')),
    'job_website'           => htmlentities($this->input->post('job_website')),
    'job_email'             => $this->input->post('job_email'),
    'job_title'             => htmlentities($this->input->post('job_title')),
    'job_category'          => $this->input->post('job_category'),
    'job_description'       => htmlentities($this->input->post('job_description')),
    'job_to_apply'          => $fixed_apply,
    'job_to_apply_type'     => $to_apply_type

This doesn't seem terribly elegant or intelligent. I really don't want any HTML at all inside of a post. I'd rather strip the tags and leave the content intact without heavy usage of regular expressions - but I doubt there is a way to avoid regex. None that I can think of anyway.

How do you handle form input if you don't want any html in the body of the content?

I'm trying to push out version 2.0 of IgnitedJobs (and I have no idea why - it's not ever going to get any usage. Good ol' catch 22. No traffic due to no posts, no posts because of no traffic.

I would use htmlspecialchars() instead. If you use UTF-8 there's no need for htmlentities() as all those entities are already avialable in Unicode's UTF-8.

If you run a string through htmlspecialchars() you can safely display it. All < > and / will be parsed into their entity so you're sure no html is parsed by the browser.

But it sounds to me that you're looking for something like this instead:

Also, since you're passing a lot of functions through the same function the array_map() function might come in

remember you can pipe any php function that accepts one argument throug your validation class.
Check the manual where it shows how to prep data:

Just do

to have the entire $_POST array htmlentities()ed

Theme © iAndrew 2016 - Forum software by © MyBB