Php safe output

Question

When outputting user input I use this function:

function bbkoda($text) {
    $text = htmlspecialchars($text);
    $text = nl2br($text);

    $hitta = array(
        "'\[b](.*?)\[/b]'is",
        "'\[i](.*?)\[/i]'is"
    );

    $byt = array(
        "<b>\\1</b>",
        "<i>\\1</i>"
    );

    $text = preg_replace($hitta, $byt, $text);

    return $text;
}

This is pretty safe right? I sanitize all i insert to db with mysql_real_escape_string and output it with htmlspecialchars. Im a very doubtful person :P

Thanks

Rather than using BB code, why not use Markdown or ReStructered text. — Geoff
– Geoff, Commented Jun 25, 2009 at 4:38

Community · Accepted Answer · 2017-05-23 10:28:07Z

1

There is already a quite good explanation on stackoverflow on this topic. Basically you definitely need to work on your in- and output to get it really safe!

edited May 23, 2017 at 10:28

CommunityBot

11 silver badge

answered Jun 25, 2009 at 4:50

merkuro

6,1772 gold badges29 silver badges29 bronze badges

Sign up to request clarification or add additional context in comments.

Collectives™ on Stack Overflow

Php safe output

1 Answer 1

Comments

Linked

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Linked

Related