strip_tags Validation

[eluser]Kemik[/eluser]
Hello,

I'm building a comment form for my news articles and want to validate them. However the user will need to be able to post pretty much all characters bar html, php, anything that will change the layout, etc.

I believe PHP's strip_tags() function will remove any html and php from the string, but how would I add this to the validation? I cannot just add strip_tags to the end of my current rules can I?

E.g. $form->comment->rule = "trim|required|max_length[350]|xss_clean|string_tags";

Note, I'm using rapyd but that shouldn't make any difference to the validation, just the way I create forms.

Thanks.

[eluser]deand[/eluser]
Hi Kemik,

Actually, you should be able to do it by just by adding it to the rules. From the CodeIgniter's user guide:

Any native PHP function that accepts one parameter can be used as a rule, like htmlspecialchars, trim, MD5, etc.

.

strip_tags() can accept one parameter. The only problem is that you can't specify which tags you don't want to strip, with only one paramter.

I'm not sure I understood you correctly. I hope it helps.

[eluser]Derek Allard[/eluser]
Yup, you are exactly correct. You could just add strip_tags to your rules. That said, as deand points out, you won't be able to specific the tags to "exempt" from the strip, so you might want to do a custom callback.

[eluser]Kemik[/eluser]
Weird. I thought that too, but when I added strip_tags to the end of the rules it still shown with the html on the screen.

E.g. I submit Hello! This <em>is</em> a <strong>comment</strong>.

And it will show with the is as italic and comment as strong/bold.

[eluser]Derek Allard[/eluser]
Could you create a reduction test for me (a minimal controller with the least amount of code possible to re-create the problem). If you do, I'll dig further for you.

[eluser]Kemik[/eluser]
I tried with the following code and it worked. I'll look over my current code and see if there's something missed.

Code:

<?php

class Test extends Controller
{
    function Test()
    {
        parent::Controller();
        
        $this->load->library("rapyd");        
    }
    
    function index() // Displays news
    {        
        $this->rapyd->load("dataform");
        
        $form = new DataForm("test", null);
        
        // Field
        $form->comment = new textareaField("Comment", "comment");
        $form->comment->rule = "trim|required|strip_tags";
        
        // Buttons
        $form->submit = new submitField("Add Comment", "submitbtn");  
        
        $form->build_form();
        
        if  ($form->on_show() || $form->on_error()) {  
            echo $form->output;
        }  
        
        if ($form->on_success()){  
            echo $this->input->post("comment");
        }        
    }
}

?>

EDIT: Nope. I stripped the rules all the way down to the same as above yet it still get the problem. Should I post the controller I'm having issues with?

[eluser]Kemik[/eluser]
Ohh I think I'm having one of those days. I originally made the add comment form a separate controller but today I moved the form to the comments page as it made more sense. The only thing is, I forgotten to change the DataForm url from news/addcomment/$news_id/process to news/comments/$news_id/process.

I had a feeling something was being passed to the old function and tried adding the strip_tags there. It worked! I've now changed the DataForm url and everything works great.

Sorry for wasting your time and thanks for offering to help.

[eluser]Derek Allard[/eluser]
No problem at all. Glad you got it resolved!