There is a table called restricted_tags in this table the tags are inserted like and
now there is form and in this form data is filled and in textarea user can insert whole html
but i need to sanatize that html code
by removing those tags which are in the table restricted_tags
Well, without really seeing the script(s) that you have done the only help you going to be is a generalization of sanitizing.
So I would suggest showing some code (It doesn’t have to be the whole script and preferably not), so you can get better help.
Though I would say in general you want to sanitize any [size=18pt]output[/size] that is user generated. I know that sounds weird, but if you don’t catch the user’s output then bad things can happen. That is why it is important to use prepared statements with it comes to a database table. As for what you’re trying to (I’m guessing) you want to strip out all the html, but to still be able to display the html on the website? My personal suggestion would to get a 3rd party script that sanitizes/highlights(a nice option) the user’s input, they are out there just Google it. I have used GesHi in the past that highlights the code, though I still think you have to sanitize the text…I can’t remember for I haven’t used it in a while. However, I know there are scripts/libraries out that will do both. If you still determine to develop this on your own, I know others will help you with it.
HTH John
What are you trying to do with the html? A prepared statement protects the database integrity.