PHP Form Question

Question

Is there a way I can check if a user enters a <p> tag inside a form using PHP?

judda · Answer 1 · 2010-09-13T23:40:19.567

1

If it is posted, you can do something like strstr of '<p>' or one of the similar functions, which will then return the location if it exists or NULL if it doesn't.

<?php if ( strstr ( $body, '<p>' ) == NULL )
echo 'All Clear';
else die ( 'Contains <p>' );

edited Sep 13 '10 at 23:40

answered Sep 13 '10 at 23:34

judda

3,977
1
25
27

Paulo Scardine · Answer 2 · 2010-09-13T23:40:52.490

1

if(empty($_POST['foo'])) {
   print "Foo empty";
} else { 
   if(stristr($_POST['foo'], '<p>')) {
      print "Contains P tag";
   } else {
      print "No P tag";
   }
}

edited Sep 13 '10 at 23:40

answered Sep 13 '10 at 23:34

Paulo Scardine

73,447
11
124
153

Before doing this, you'd want to check that isset($_POST['foo']); is true, else you'll get an undefined index notice. – mr. w Sep 13 '10 at 23:37
use the strifoo functions to catch both
and
.
– Paulo Scardine Sep 13 '10 at 23:38

score 1 · Answer 3 · answered Sep 13 '10 at 23:35

1

If you simply want to strip all markup use:

strip_tags ( string $str [, string $allowable_tags ] )

otherwise:

substr_replace ( $string , string $replacement , int $start [, int $length ] )

Depends on why you what to know

1 - PHP.net

answered Sep 13 '10 at 23:35

taylorjes

434
3
18

score 0 · Answer 4 · answered Sep 13 '10 at 23:30

0

You could use javascript or jquery .onFocus event.

answered Sep 13 '10 at 23:30

ItsPronounced

5,475
13
47
86

I really would like to use PHP. – cssNUT Sep 13 '10 at 23:33
ahh I see. I assumed you wanted to know when a control inside the
tag was in focus or not.
– ItsPronounced Sep 13 '10 at 23:36

score 0 · Answer 5 · answered Sep 13 '10 at 23:33

Assuming they don't enter anything fancy like <p class="stuff">, you can use a simple strpos() call:

$text = $_POST['name_of_field'];
if (strpos($text, '<p>') !== FALSE) {
    die("No <p> tags allowed");
}

If they enter attributes, then you'd most likely need a regex, which has its own basket of problems:

$text = $_POST['name_of_field'];
if (preg_match('/<p.*?>/i', $text)) {
   die("No <p> tags allowed");
}

score 0 · Answer 6 · answered Sep 13 '10 at 23:35

Is this what you mean? Assuming you have the form content in a string variable, something like this should work:

<?php

ini_set('display_errors', 1);
ini_set('error_reporting', E_ALL | E_STRICT);

$string1 = 'Hello <p> world';
$string2 = 'Hello world';

$foundIt1 = strripos($string1, '<p>');
$foundIt2 = strripos($string2, '<p>');

if (false === $foundIt1) {
    echo '1. didn\'t find it';
} else {
    echo "1. found it at offset $foundIt1";
}
echo "\n";

if (false === $foundIt2) {
    echo '2. didn\'t find it';
} else {
    echo "2. found it at offset $foundIt2";
}


?>

score 0 · Answer 7 · edited May 23 '17 at 12:07

If you want to replace or remove them:

$new_data = preg_replace("/<p>/", "whatever you want to replace it with here", $_POST['form_field_id_here']);

If you just want to check for them

strpos("<p>", $_POST['form_field_id_here']);

Then read this to make sure you aren't leaving your site open to attackers: What's the best method for sanitizing user input with PHP?

(Edit: I know, I know. No regex for HTML parsing. IMHO, if all you are doing is checking for

tags then a little bit of regex is better than using a huge HTML parser. That said, if you are checking for many tags and things like <p class="something"> then you should look at this: http://docs.php.net/manual/en/domdocument.loadhtml.php )

PHP Form Question

7 Answers7