on 05/01/03 5:24 AM, Seraphim ([EMAIL PROTECTED]) wrote: > I use the htmlspecialchars() function to disable all html. This function > basically puts a '\' in front of eacht html character and thus disables all > html. > You may not want to do this if you want to allow, for example <b></b> or > other friendly html. If so you can use a regex to disable the <script> or > </table> tags. > > Now that I think about it, it might be better to disable all html and later > enable <i>,<b> etc (or define your own, like a lot of forums seem to do).
What about striptags()? Designed EXACTLY for disabling HTML tags, except for a list you allow: <? $text = stiptags($text,'<b><i>'); // allows bold and italics ?> Justin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php