LinuxQuestions.org
06-12-2009, 08:12 PM   #1
CoderMan

Sanitizing HTML output in PHP

Hey, you PHP gurus: What do you guys use for purifying HTML output?

My need: I'm working on a small PHP/MySQL project for work. Most of the page output is my own HTML, but some of it is entered by users. I'm not a very proficient web programmer, but I figured that I should make sure that these parts of my pages don't output pr0n img tags or links to external sites.

I'd much rather do the filtering on the (HTML) output side than on the (user) input side. I've heard of HTML Purifier, but I didn't really want to try integrating a whole system at this point - just wanted to make sure a few lines of HTML output are okay.

Last edited by CoderMan; 06-12-2009 at 08:13 PM.
 
06-13-2009, 04:02 AM   #2
vvopenka
Even though I'm not a PHP guru, I would recommend Zend_Filter StripTags. You can specify which HTML or PHP tags you want to keep, and all others will be removed. See http://framework.zend.com/manual/en/....set.striptags
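
An allowlist tag filter of the kind suggested in this reply, applied at output time to the requirement in the question (no img tags, no links to external sites). This is an added example, not part of the thread and not Zend_Filter code; it uses PHP's built-in DOM extension, and the function names, tag lists, host name and sample input are assumptions.

```php
<?php
// Added example: names, tag lists and the sample input at the bottom are constructed assumptions.
function is_local_href(string $href, string $ownHost): bool
{
    // Site-relative path or URL on our own host; the narrow character set rejects backslashes and whitespace.
    $path = '[A-Za-z0-9/._~?&=%#-]*';
    $host = preg_quote($ownHost, '!');
    return preg_match('!^/(?:[A-Za-z0-9._~-]' . $path . ')?$!D', $href) === 1
        || preg_match('!^https?://' . $host . '(?:/' . $path . ')?$!Di', $href) === 1;
}

function sanitize_fragment(string $html, string $ownHost): string
{
    $allowed = ['b', 'i', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li', 'a'];
    $dropWithContent = ['script', 'style', 'iframe', 'object', 'embed'];
    $meta = '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
    libxml_use_internal_errors(true);            // tolerate malformed markup
    $doc = new DOMDocument();
    $doc->loadHTML($meta . '<div>' . $html . '</div>');
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0);   // our wrapper
    // Snapshot node lists before editing: the live lists change under us.
    foreach (iterator_to_array((new DOMXPath($doc))->query('//comment()'), false) as $c) {
        $c->parentNode->removeChild($c);
    }
    foreach (iterator_to_array($root->getElementsByTagName('*'), false) as $el) {
        $name = strtolower($el->nodeName);
        if (in_array($name, $dropWithContent, true)) {
            $el->parentNode->removeChild($el);
        } elseif (!in_array($name, $allowed, true)) {   // <img>, <div>, ...: keep text only
            while ($el->firstChild) {
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
        } else {
            foreach (iterator_to_array($el->attributes, false) as $attr) {
                if ($name !== 'a' || $attr->nodeName !== 'href'
                    || !is_local_href($attr->nodeValue, $ownHost)) {
                    $el->removeAttribute($attr->nodeName);   // drops onclick, style, external href
                }
            }
        }
    }
    // Serialise only the wrapper's children; anything outside it is discarded.
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($root->childNodes, false)));
}

echo sanitize_fragment('<p onclick="x()">Hi <img src="http://other.example/a.png">'
    . '<a href="http://other.example/">out</a> <a href="/faq">faq</a></p>', 'intranet.example'), "\n";
```

Where the user-entered text needs no markup at all, `htmlspecialchars($text, ENT_QUOTES, 'UTF-8')` at output time is the simpler choice.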
 
06-13-2009, 02:04 PM   #3
paulsm4
Hi -

1. As far as PHP security, your best bet is safe coding practices. There are lots of sites; there's lots of good information on this site alone:

http://www.tutorialized.com/tutorials/PHP/Security/1
<= You have to click two or three levels down to get to the actual tutorials ...
... but they're worth it!

2. HTML vulnerabilities are certainly one area worth protecting against. But SQL vulnerabilities (e.g. SQL injection) are equally worthy of your attention:
http://www.tutorialized.com/view/tut...-hackers/41498
<= You can find many, many other sites discussing SQL injection, and related issues

3. Finally, if you're new to SQL, I would encourage you to get this book:

SQL Queries for Mere Mortals, John L. Viescas; Michael J. Hernandez
<= This will pay for itself within hours! Satisfaction guaranteed!

'Hope that helps .. PSM

Last edited by paulsm4; 06-13-2009 at 03:48 PM.
 
  

