Hi, i've recently started to creare my own blogging script for a new site i'm doing - one issue that i've come accross is i obviously want the script to be secure from sql injection attacks and hacks so i've been advised to use a number of php functions (stripslashes, htmlspecialchars etc ...). The problem ive got is im wanting to be able to include html code to insert links, and perhaps things like youtube videos etc... but at the minute all that happens is the code gets inserted as plain text. Any advise on this would be much appreciated. Regards
strip_tags($stringyouwanttostriptags, '<p><a>'); I am sure this will work. strip_tags strips all tags out of whatever you want to strip, then if you want to still have tags in it you can allow them. I only use this function for stripping the html tags off of things, but i use it on all of my scripts and it hasn't failed me. Also your best alternative is to code html into things is to use something like BBCODE! Gotta love the stuff. etc.