[Israel.pm] RegEx in HTML Character

Yona Shlomo yona at cs.technion.ac.il
Mon Jan 28 10:46:21 PST 2008


On Mon, 28 Jan 2008, Georges EL OJAIMI wrote:

> Hello,

Hello,

> I am customizing my own RTE and trying to reduce it to only 4 few elements, in order to prevent HTML characters and SQL injection into the database, I modified the tags like the following:
>

How does the following help prevent HTML characters and SQL
injection into the database?

> [b]bold[/b]
>
> [i]italic[/i]
>
> [u]underline[/u]
>
> [url=http://www.url.com]url[/url]
>
> I want to replace each tag on the fly by its real HTML tag while displaying it to the end user.
>
> Is there a way to replace all these tags by there equivalents? I am having problem detecting the brackets []

Can you guarantee that square brackets are only used as your
markup?

Your is the [url=....] the equevalent to the HTML <a href=...> ?



-- 
Shlomo Yona
yona at cs.technion.ac.il
http://yeda.cs.technion.ac.il/~yona/



More information about the Perl mailing list