HTML Formatting
Often if you want to output HTML code onto a page from a database, and you don’t want it to be executed as HTML, you need to convert the tag to it’s HTML entity. This is a representation of the character that the browser doesn’t parse, i.e. the < symbol’s HTML entity is: &lt; and the & symbol: &amp;

Surprisingly, converting tags to their entities is as easy as 1, 2, 3 - PHP has a few inbuilt functions that do it for you! We will look at the htmlentities() function in this example, as it covers most of everything you will probably use. This function simply returns the string, with the tags encoded as entities. So, if we input “<&” it will return “&lt;&amp;”.

Our administrator from the previous section knew of this function, so he implemented it in his scripting, so that if somebody put in some HTML by accident into their overview, it would convert it. Let’s see what he came up with:
 

Done! Its as simple as that! None of the inputted HTML will be parsed, and it will simply appear as you would code it!

Now, let’s say he had a section where the user could input customized HTML code for their headings of the overviews. He thought he could simply take the “entitized” header code (because it’s a separate variable in this example) and convert it back to HTML. Possible? Of course! He uses the function: html_entity_decode(). It accepts an entitized string and return the HTML’ized version of that string. Let’s see what he came up with:
 

<?php $header = $_POST['header']; $entities = htmlentities($header); # $entities contains the html tags converted to entities $html = html_entity_decode($entities); # $html contains the regular html again ?>

By now, our administrator is a PHP expert, so he decides that instead of converting the HTML tags to entities, he’ll simply take them all out! To do this, he uses strip_tags(). The arguments for this function are: [string], [allowable tags]. So, if he inputs a string and defines <b> as allowable, it won’t remove the <b> tag, but will remove all other HTML tags. Let’s see what he came up with:
 

<?php $text = $_POST['overview']; $text = strip_tags($text, "<h1>"); ?>

He’s smart, so he tells PHP to strip every tag except <h1> so that coaches can still have headings in their overviews! Now let’s move on to replacing letters and words.

Replacing letters or words
This can be an important feature if, for example, the administrator wanted all personal references to him to be replaced with “The Administrator”. Luckily PHP has a couple of functions to do this for him!  To keep things simple, though, we will only look at one: str_replace(). This function accepts the arguments: [look for], [replacement], [string], [optional- count]. You don’t have to input the count variable, but that will specify how many occurrences of [look for] to replace. I.e. only replace the first two names, then leave the rest, etc.

Let’s see what he did:

<?php $text = $_POST['overview']; $text = str_replace("John", "The Administrator", $text); ?>

So, if a coach inputs “Unfortunately, John was too lazy to make it to our match today…” it would be returned as: “Unfortunately, The Administrator was too lazy to make it to our match today…”. Voila! You can use this for swear word filters, tooltip entries, anything!

Let’s fly on to form posted text.

Form Posted Text
This is a short section, as there is really only two functions I’m going to cover - Ones that add and remove slashes behind specific characters that would cause the script to work incorrectly, or die altogether. They are used very regularly in web forms to add slashes behind quotes to stop them from exiting PHP syntax.

The function we use to add slashes is, ironically enough, called addslashes(). It simply takes a variable in, and returns the formatted string with slashes on it. Some browsers do this by default now, but it’s good to be safe.

Then, once you’ve got through all the posting and transport, simply use stripslashes() to remove those slashes again and your string is as normal!

<?php $text = $_POST['overview']; $safe = addslashes($text); # example – Today Mary said "Hello" is returned as Today Mary said \"Hello\" $normal = stripslashes($text); # example – string is Today Mary said "Hello" again ?>

And that’s all for this subsection. If you want to learn more, try these links:
http://www.php.net/addslashes & http://www.php.net/stripslashes

- Tutorial written by Scrowler

Pages (4): <Prev 1 [2] 3 4 Next>

Automatic Translations: