Data entry validation allowing HTML TAG

4

I need to do a validation, always valid on the client side / JS and server / PHP, and allow the user to enter some TAGs for formatting the final result, any tips on how to do this? Is it better to use a field of type textarea or use an editor?

Some TAGs that I want to allow:

h1 a h6
<p>
<u>
<strong>
<address>
<strong>
    
asked by anonymous 01.12.2014 / 14:25

2 answers

4

You can use this function from native php strip_tags($texto, $tags_permitidas); for example:

strip_tags("<strong><span class='block'>texto a ser filtrado</span></strong>", '<strong>');

in this way the result would be:

<strong>texto a ser filtrado</strong>

For more information see the documentation:

link

    
01.12.2014 / 15:09
2

I created the function below to save the user data, did some tests and was able to execute the filter and save successfully.

function fDescribe() { 
        functions::startSession();
        if($_POST['token'] == $_SESSION['token']) {
            $this->describeC = strip_tags($_POST['textarea'],
             '<h1><h2><h3><h4><h5><h6><p><u><strong><em><address><strong><br><abbr>');

            $this->conn = parent::getCon();                                 
            $this->pQuery = $this->conn->prepare("update table set description=? where user_id=? limit 1"); 
            $this->pQuery->bindParam(1, $this->describeC);
            $this->pQuery->bindParam(2, $_SESSION['id']);
            $this->result = $this->pQuery->execute();
            unset($this->conn); 
            if($this->result == true) {
                functions::generateJsonMsg('success', null, null, null, null);
                exit();
            } else  {
                functions::generateJsonMsg('fault', 'queryFault', null, null, null);
                exit();
            }                               
    } else 
        return false;   
}
    
02.12.2014 / 03:21