sanitize textarea DG - PHP Online
Full code of sanitize textarea DG.php
- <?php
/**
 * Placeholder for a database escaping step.
 *
 * As written this is a pass-through: the argument comes back unchanged and no
 * escaping of any kind is applied.
 *
 * @param mixed $text Value that would be escaped.
 * @return mixed The same value, unmodified.
 */
function db_escape($text)
{
    // NOTE(review): the original comment names mysqli_real_escape_string as an
    // example of what could go here. Until something is plugged in, a value
    // returned by this function is NOT safe to concatenate into SQL; binding it
    // as a parameter of a prepared statement avoids the need to escape at all.
    $unchanged = $text;

    return $unchanged;
}
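/**
 * Replace HTML line-break tags with a newline character.
 *
 * The previous pattern required a slash directly after "<", so it matched only
 * the non-standard "</br>" form and left "<br>", "<br/>" and "<br />" in place.
 * The slash is now optional, which covers the standard forms and still accepts
 * "</br>". Matching is case-insensitive. Tags carrying attributes are not matched.
 *
 * @param string $text Text that may contain line-break tags.
 * @return string|null The text with each matched tag replaced by "\n"
 *                     (null if preg_replace() reports an error).
 */
function br2nl($text)
{
    return preg_replace('/<\/?br\s*\/?>/i', "\n", $text);
}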
/**
 * preg_replace_callback() handler: turn one captured HTML entity into UTF-8.
 *
 * When the mbstring extension is not loaded the entity is returned as it was
 * captured, i.e. it stays encoded.
 *
 * @param array $m Match array; index 1 holds the captured entity text.
 * @return string The decoded character, or the untouched entity without mbstring.
 */
function _toUTF8($m)
{
    $entity = $m[1];

    if (!function_exists('mb_convert_encoding')) {
        return $entity;
    }

    // NOTE(review): mbstring's "HTML-ENTITIES" pseudo-encoding is deprecated as of
    // PHP 8.2. Decoding can also yield markup characters (for example "&#60;"
    // becomes "<"), so the result has to be escaped again before it is written
    // into HTML.
    return mb_convert_encoding($entity, "UTF-8", "HTML-ENTITIES");
}
/**
 * Decode decimal numeric HTML entities (such as "&#233;") found in a string.
 *
 * Only the decimal form "&#NNN;" is matched; hexadecimal entities ("&#x3c;")
 * and named entities ("&lt;") are left as they are. Each match is handed to
 * _toUTF8() for conversion.
 *
 * @param string $input Text that may contain numeric entities.
 * @return string|null Text with the matched entities converted
 *                     (null if preg_replace_callback() reports an error).
 */
function entToUTF8($input)
{
    $decimalEntity = '/(&#[0-9]+;)/';

    // Decoding undoes entity encoding, so run this before any sanitising or
    // output-escaping step, never after it.
    $decoded = preg_replace_callback($decimalEntity, '_toUTF8', $input);

    return $decoded;
}
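// Names of the form fields that are multi-line textareas. Only these fields
// are allowed to keep their newlines.
$textareas = array("ta1");

// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It is kept
// so that the stored values do not change, but filtering input is not a
// substitute for escaping every value with htmlspecialchars() at the point
// where it is written into HTML.
$sanitizeFlags = FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH | FILTER_FLAG_STRIP_BACKTICK;

foreach ($_POST as $k => $v) {
    // A client can submit an array (name="ta1[]"). trim() cannot handle one and
    // the page expects plain strings, so any non-string value is discarded.
    if (!is_string($v)) {
        $_POST[$k] = '';
        continue;
    }

    // Strip whitespace at both ends.
    $v = trim($v);

    // Strict comparison: a loose in_array() can match unrelated keys (on PHP 7
    // the integer key 0 compares equal to any non-numeric string).
    $isTextarea = in_array((string) $k, $textareas, true);

    // FILTER_FLAG_STRIP_LOW removes "\n", so textarea newlines are parked behind
    // a placeholder while the filter runs.
    if ($isTextarea) {
        $v = str_replace("\n", "[NEWLINE]", $v);
    }

    $v = filter_var($v, FILTER_SANITIZE_STRING, $sanitizeFlags);

    // Restore newlines for textareas ONLY. Restoring them for every field would
    // let a literal "[NEWLINE]" typed into a single-line field turn into a real
    // newline after the control-character stripping had already run.
    if ($isTextarea) {
        $v = str_replace("[NEWLINE]", "\n", $v);
    }

    $_POST[$k] = $v;
}

// Sample inputs for manual testing; the second assignment overrides the first.
$string="<HACKING> òàèìù !(!«´««“‘\\\\\\\\{{{{»”’«“‘»{}}\n\n{:,.lò </HACKING>";
$string="placeholder";

// $_POST is a superglobal and is always set (an empty array when nothing was
// posted), so isset($_POST) can never be false. Test each field instead, so
// the defaults are applied on the first page load.
// These defaults are assigned after the sanitising loop and are therefore NOT
// filtered; whatever prints them must escape them.
foreach (array('ta1', 'txt1') as $field) {
    if (!isset($_POST[$field])) {
        $_POST[$field] = $string;
    }
}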
- // $out = entToUTF8(br2nl(db_escape($string)));
- // print "input=\t".$out;
- // print ("\noutput=\t".$out);
- ?>
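<?php
// Form template: prints the submitted (or default) values back into the form.
//
// Every value is escaped with htmlspecialchars() where it is written out,
// because a value in $_POST may not have passed through any input filter (a
// default assigned later, a field added to the form afterwards), and a filter
// that strips tags is not the same thing as escaping for HTML text or an
// attribute. ENT_QUOTES covers both quote styles for the value="..." attribute.
// The last argument (double_encode = false) keeps entities that are already in
// the value, such as the &#34; that FILTER_SANITIZE_STRING produces for a
// quote, from being encoded a second time.
//
// The isset()/is_string() guard avoids "undefined index" notices and array
// values when a field is missing or malformed.
$ta1Value = (isset($_POST['ta1']) && is_string($_POST['ta1'])) ? $_POST['ta1'] : '';
$txt1Value = (isset($_POST['txt1']) && is_string($_POST['txt1'])) ? $_POST['txt1'] : '';
?>
<!doctype html>
<html>
<head>
    <meta charset="utf-8">
    <title>Filter test</title>
</head>
<body>
<form action="" method="post">
    <p>
        <textarea name="ta1" cols="30" rows="10"><?php echo htmlspecialchars($ta1Value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false); ?></textarea>
    </p>
    <p>
        <input type="text" name="txt1" size="30" value="<?php echo htmlspecialchars($txt1Value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false); ?>" />
    </p>
    <p>
        <input type="submit" />
    </p>
</form>
</body>
</html>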