I run a niche social network site. I would like to disallow HTML content in user posted messages; such as embedded videos etc. what option is there in php to clean this up before I insert into the db.
There are three basic solutions:
- Strip all HTML tags from the post. In PHP you can do this using the
- Encode all the characters, so that if a user types
<b>hello</b>it shows up as
<b>hello</b>. In PHP this is the
htmlspecialchars()function. (Note: in this situation you would generally store the content in the database as-is, and use htmlspecialchars wherever you output the content.)
<object>in your case).
You could use the