Forum Moderators: coopster

A php script that validates code?

Something that will validate comment entry...

         

mipapage

11:30 am on Jan 10, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hey all,

A client has requested a 'blog-like' feature on their website. They want one page that will display some entries, allow comments and have the content classed into categories.

This can all be done without the likes of an official blog script, but the bit that gets me is that user entered comments could likely result in an invalid page.

I know that there is a Perl Movable Type plugin out there that validates user entered comments, forcing them to enter decent code - Does anyone know of anything like this for PHP?

jamie

12:54 pm on Jan 10, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



hi mipapage

if you just wanted to remove html tags, use strip_tags()

if you wanted the full kaboodle, you could download a good php forum software and dissect the code that they use for removing / replacing certain tags, making links clickable, etc.

although probably you wouldn't want users to post html, so you could use strip_tags() and then preg_replace for any characters / words (swear words for instance) you don't want appearing.

mipapage

3:10 pm on Jan 10, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



if you wanted the full kaboodle, you could download a good php forum software and dissect the code

Thanks for the ideas - this is something to look into... good ol' reverse engineering.

mipapage

6:36 pm on Jan 10, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Word on the street is that you can use xml_parse to check for 'well formedness'. I found this snippet in another forum (slightly modified) but can't get it to work. Any ideas?


<?php
$x = "<fruits>
<fruit>
<type>apple</type>
<color>red</color>
</fruit>
<fruit>
<type>lemon</type>
<color>green</color>
</fruit>
</fruits>";

$parser = xml_parser_create();
$success = xml_parse($parser, $x);
if($success === false) {
    $error_code = xml_get_error_code($parser);
    echo "error: ".xml_error_string($error_code)."<BR>";
    echo "row number: ".xml_get_current_line_number($parser)."<BR>";
    echo "column number: ".xml_get_current_column_number($parser)."<BR>";
}
elseif($success === true) { // validated, now display values
    echo "true";
    foreach($fruits as $value){
        echo $value['type']."¦".$value['color']."<br>";
    }
}
else echo "This script is ***k'd";
?>

This would do the trick for what I am after, if it does what I think it does!

mipapage

6:40 pm on Jan 11, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



*sunday bump*

mipapage

7:34 pm on Jan 20, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



One last try.

Anyone know why I can't get the code in msg#4 to work?

Timotheos

8:11 pm on Jan 20, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi mipapage,

Sorry I missed this the first time and the second time.

I'd change
if($success === false) to if(!$success)
and
if($success === true) to if($success)

because the return value is boolean. It's gotta be one or the other.

Past that, in my very limited knowledge of xml, I think you need to xml_set_element_handler and xml_set_character_data_handler.

mipapage

8:26 pm on Jan 20, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Timotheos,

Thank you! The if(!$success) and if($success) did it for me, though now that I have something that works I will look into some of the other functions.

Thanks a lot!

dmorison

8:34 pm on Jan 20, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If you're not fussed about user comments containing HTML just output comments through html_entities() [uk.php.net] and don't worry about it.

html_entities() converts all HTML special characters, such as '<' and '>' into their corresponding entity values, such as '&lt;' and '&gt;'. This means someone can try and break your page as hard as they like - they won't be able to.

Notice how WebmasterWorld has handled this post without the page breaking!

mipapage

8:38 pm on Jan 20, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



dmorison,

I hear ya (I think?), but I want the page to validate to xhtml strict, and plan on delivering it as xml to browsers that support it.

So in fact I do want users to mark-up their comments, and this, I think, will help do the job.

Otherwise your suggestion would fit the bill (and actually, will be used to get the correct entities for the posts...)

dmorison

8:40 pm on Jan 20, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Do entities break XHTML validation?

Timotheos

8:48 pm on Jan 20, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Glad it worked. If you're just checking for good xml then you don't need to bother with those other functions. I just thought since you're trying to print out "fruits" that you wanted to parse out the elements and data.

mipapage

8:50 pm on Jan 20, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



@dmorison

No, that's why I'm not sure I get you! :-]

What I wanted was for the user to post comments using valid xhtml. I would convert the entities that would be necessary to convert, like quotes etc.

Truth be told, I still need to do some experimenting. Now that this little pesky problem is sorted I was going to start getting back into this validation thingy...

[edited by: mipapage at 8:54 pm (utc) on Jan. 20, 2004]

mipapage

8:53 pm on Jan 20, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



@Timotheos

I just thought since you're trying to print out "fruits" that you wanted to parse out the elements and data.

Right. See how little I know! Thanks.

Time to hit php.net and read up it seems. Now that this is working, all the more easy.

(Can't wait for the day that I spend less time in the manual and more time coding (not debugging, coding).)

dmorison

9:05 pm on Jan 20, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



What I wanted was for the user to post comments using valid xhtml.

For a comments log, I don't see any need to worry about users submitting valid XHTML code.

Would any of your visitors know what XHTML stands for, let alone know how to produce valid markup?

Using html_entities() when you output their comments (which I presume will be stored in a database somewhere) means you don't have to worry about it; nothing they type in will break your page or affect XHTML validation.
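
The two approaches discussed in this thread combined, as an added example that is not from any poster: the comment is parsed with xml_parse() and the handlers Timotheos mentions, the output is rebuilt from parser events so that only allowlisted tags survive, and everything else is escaped (PHP's escaping functions are spelled htmlspecialchars() and htmlentities()). The tag list, the wrapper element and the function names are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. ALLOWED_TAGS, escape_text() and
// render_comment() are illustrative names; the tag list is an assumption.
const ALLOWED_TAGS = ['p', 'em', 'strong', 'code', 'blockquote'];

function escape_text(string $s): string
{
    // Emits only &amp; &lt; &gt; &quot; &#039;, all valid in XHTML served as XML.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comment(string $raw): string
{
    $out = '';
    $ok = true;
    $depth = 0;
    $parser = xml_parser_create('UTF-8');
    xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0); // keep lowercase names
    xml_set_element_handler(
        $parser,
        function ($p, $name, $attrs) use (&$out, &$ok, &$depth) {
            if ($depth++ === 0) { return; }              // our own wrapper element
            if (!in_array($name, ALLOWED_TAGS, true) || $attrs !== []) {
                $ok = false;                             // unknown tag or any attribute
                return;
            }
            $out .= "<$name>";
        },
        function ($p, $name) use (&$out, &$depth) {
            if (--$depth > 0) { $out .= "</$name>"; }
        }
    );
    // Text (including CDATA content) arrives decoded and is re-escaped here;
    // comments and processing instructions have no handler, so they are dropped.
    xml_set_character_data_handler($parser, function ($p, $data) use (&$out) {
        $out .= escape_text($data);
    });
    // A DOCTYPE cannot appear inside the wrapper, so entity declarations are rejected.
    $wellFormed = xml_parse($parser, "<wrapper>$raw</wrapper>", true) === 1;
    // Anything not well-formed or outside the allowlist is shown as plain text.
    return ($wellFormed && $ok) ? $out : escape_text($raw);
}

// Constructed sample comments.
foreach (['<p>Nice <em>post</em></p>', '<p>unclosed <em>tag</p>',
          '<p class="big">hi</p>', 'a < b'] as $c) {
    echo render_comment($c), "\n";
}
```

xml_parse() is documented as returning 1 on success and 0 on failure, which is why the example compares against 1. Well-formedness alone says nothing about which elements or attributes a comment contains, hence the allowlist and the rebuild from parser events rather than echoing the submitted string.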