[TYPO3-project-formidable] Stripping HTML tags from user input before DB insertion
Leopold Mayr
leo at sprinkesnirg.de
Sat Feb 14 12:50:28 CET 2009
Hi list!
I have created a user database where users can edit their data
themselves. I wanted to strip any html tags from the user's input
before it is stored in the DB.
Therefore I wrote a beforeinsertion process (code below) to strip the
tags and it works (as far as I can tell right now).
I'm just wondering if there is another possibility of doing this? Am I
missing anything?
Thanks in advance,
Leo
Here goes the code:
<datahandler:DB>
<tablename>fe_users</tablename>
<keyname>uid</keyname>
<process>
<beforeinsertion>
<userobj>
<php><![CDATA[
//get form values
$aData = array_pop(func_get_args());
//create anonymous function for stripping tags
$sanitize = create_function ('&$value, $key', '$value =
strip_tags ($value);');
//apply anonymous strip tags function to every form field
array_walk ($aData, $sanitize);
return $aData;
]]></php>
</userobj>
</beforeinsertion>
</process>
</datahandler:DB>
More information about the TYPO3-project-formidable
mailing list