Solved

Function to strip tags using array and preg_replace

Posted on 2008-06-26
7
1,751 Views
Last Modified: 2013-11-05
I have a credit application form that goes from Step 1 > Processor 1 > Step 2 > Processor 2 > References Page > References Processor > Step 3 > Processor 3 > Step 4.

I'm holding information in the session until the final Processor 3 page. Step 4 is just a submission confirmation page. I am wanting to strip all tags from all form fields and have this code on Processor 3. Here's what I have but I seem to be over looking something that is missing or wrong. I'm thinking I need to define what $document is? If so, how is this done? Thanks in advance.
<?php

session_start();

$SID=session_id();

 

//connection statement

require_once('../Connections/devnet.php');

 

 

//STRIP TAGS

 

function strip_selected_tags($document)

{

$search = array('@<script[^>]*?>.*?</script>@si',  // Strip out javascript

               '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags

               '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly

               '@<![\s\S]*?--[ \t\n\r]*>@'         // Strip multi-line comments including CDATA

);

$text = preg_replace($search, '', $document);

return $text;

}

 

//setup variables

$checking = $_POST['checking'];

$checking_bank_name = $_POST['checking_bank_name'];

$checking_bank_location = $_POST['checking_bank_location'];

$checking_account_number = $_POST['checking_account_number'];

$savings = $_POST['savings'];

$savings_bank_name = $_POST['savings_bank_name'];

$savings_bank_location = $_POST['savings_bank_location'];

$savings_account_number = $_POST['savings_account_number'];

$cc_type = $_POST['cc_type'];

$cc_number = $_POST['cc_number'];

$cc_expire = $_POST['cc_expire'];

$cc_holdername = $_POST['cc_holdername'];

$cc_signature = $_POST['cc_signature'];

$agree = $_POST['agree'];

$agree_date = $_POST['agree_date'];

 

 

$ssn=$_SESSION['ssn'];

$dl=$_SESSION['dl'];

$owner_ssl=$_SESSION['owner_ssl'];

$d_and_b=$_SESSION['d_and_b'];

$fid=$_SESSION['fid'];

 

//generate unique key 

//BEGIN UNIQUE ACCESS DENIED IDENTIFIER

// END DMS_UNIQUE_ID 

 

//END UNIQUE ACCESS DENIED IDENTIFIER

 

$Key=DMS_unique_id();

 

 

//insert data into database tables

$sql="INSERT INTO ...credit_app1 (first_name,middle_initial,last_name,firm_name,address1,address2,city,state,zip,bill_address1,bill_address2,bill_city,bill_state,bill_zip,home_phone,busi_phone,fax,antec) VALUES ('".$_SESSION['first_name']."','".$_SESSION['middle_initial']."','".$_SESSION['last_name']."','".$_SESSION['firm_name']."','".$_SESSION['address1']."','".$_SESSION['address2']."','".$_SESSION['city']."','".$_SESSION['state']."','".$_SESSION['zip']."','".$_SESSION['bill_address1']."','".$_SESSION['bill_address2']."','".$_SESSION['bill_city']."','".$_SESSION['bill_state']."','".$_SESSION['bill_zip']."','".$_SESSION['home_phone']."','".$_SESSION['busi_phone']."','".$_SESSION['fax']."','$Key')";

$result=mysql_query($sql)or die(mysql_error() . " - $sql");

$last_id = mysql_insert_id();

 

$sql2="INSERT INTO ...credit_app2 (appID,ssn,dl,dob,sole_prop_owner_name,owner_ssl,d_and_b,fid,business_type,business_type2,owned_since,housing_status,landlord,landlord_phone,prev_address1,prev_address2,prev_city,prev_state,prev_zip,relative_name,relative_phone,relative_address1,relative_address2,relative_city,relative_state,relative_zip) VALUES ('$last_id',AES_ENCRYPT('$ssn','$Key'),AES_ENCRYPT('$dl','$Key'),'".$_SESSION['dob']."','".$_SESSION['sole_prop_owner_name']."',AES_ENCRYPT('$owner_ssl','$Key'),AES_ENCRYPT('$d_and_b','$Key'),AES_ENCRYPT('$fid','$Key'),'".$_SESSION['business_type']."','".$_SESSION['business_type2']."','".$_SESSION['owned_since']."','".$_SESSION['housing_status']."','".$_SESSION['landlord']."','".$_SESSION['landlord_phone']."','".$_SESSION['prev_address1']."','".$_SESSION['prev_address2']."','".$_SESSION['prev_city']."','".$_SESSION['prev_state']."','".$_SESSION['prev_zip']."','".$_SESSION['relative_name']."','".$_SESSION['relative_phone']."','".$_SESSION['relative_address1']."','".$_SESSION['relative_address2']."','".$_SESSION['relative_city']."','".$_SESSION['relative_state']."','".$_SESSION['relative_zip']."')";

$result=mysql_query($sql2)or die(mysql_error() . " - $sql2");

 

$sql4="INSERT INTO ...credit_app_ref (appID,trade1_name,trade1_account,trade1_address1,trade1_address2,trade1_city,trade1_state,trade1_zip,trade1_terms,trade1_opened,trade1_phone,trade2_name,trade2_account,trade2_address1,trade2_address2,trade2_city,trade2_state,trade2_zip,trade2_terms,trade2_opened,trade2_phone,trade3_name,trade3_account,trade3_address1,trade3_address2,trade3_city,trade3_state,trade3_zip,trade3_terms,trade3_opened,trade3_phone) VALUES ('$last_id','".$_SESSION['trade1_name']."','".$_SESSION['trade1_account']."','".$_SESSION['trade1_address1']."','".$_SESSION['trade1_address2']."','".$_SESSION['trade1_city']."','".$_SESSION['trade1_state']."','".$_SESSION['trade1_zip']."','".$_SESSION['trade1_terms']."','".$_SESSION['trade1_opened']."','".$_SESSION['trade1_phone']."','".$_SESSION['trade2_name']."','".$_SESSION['trade2_account']."','".$_SESSION['trade2_address1']."','".$_SESSION['trade2_address2']."','".$_SESSION['trade2_city']."','".$_SESSION['trade2_state']."','".$_SESSION['trade2_zip']."','".$_SESSION['trade2_terms']."','".$_SESSION['trade2_opened']."','".$_SESSION['trade2_phone']."','".$_SESSION['trade3_name']."','".$_SESSION['trade3_account']."','".$_SESSION['trade3_address1']."','".$_SESSION['trade3_address2']."','".$_SESSION['trade3_city']."','".$_SESSION['trade3_state']."','".$_SESSION['trade3_zip']."','".$_SESSION['trade3_terms']."','".$_SESSION['trade3_opened']."','".$_SESSION['trade3_phone']."')";

$result=mysql_query($sql4)or die(mysql_error() . " - $sql4");

 

$sql3="INSERT INTO ...credit_app3 (appID,checking,checking_bank_name,checking_bank_location,checking_account_number,savings,savings_bank_name,savings_bank_location,savings_account_number,cc_type,cc_number,cc_expire,cc_holdername,cc_signature,agree,agree_date) VALUES ('$last_id','$checking','$checking_bank_name','$checking_bank_location',AES_ENCRYPT('$checking_account_number','$Key'),'$savings','$savings_bank_name','$savings_bank_location',AES_ENCRYPT('$savings_account_number','$Key'),'$cc_type',AES_ENCRYPT('$cc_number','$Key'),'$cc_expire','$cc_holdername',AES_ENCRYPT('$cc_signature','$Key'),'$agree','$agree_date')";

$result=mysql_query($sql3)or die(mysql_error() . " - $sql3");

 

 $insertGoTo = "...credit_application_4";

      if (isset($_SERVER['QUERY_STRING'])) {

      $insertGoTo .= (strpos($insertGoTo, '?'))? "" : "";

      //$insertGoTo .= $_SERVER['QUERY_STRING'];

    }

      print "<script language=\"javascript\">";

      print "window.location='$insertGoTo'";

      print "</script>";

 

?>

Open in new window

0
Comment
Question by:Guest85
  • 3
  • 2
7 Comments
 
LVL 4

Expert Comment

by:pdd
ID: 21884329
0
 
LVL 1

Author Comment

by:Guest85
ID: 21885891
Thanks. I've already been to that site many times and it didn't help. Although, I figured it out myself stripping the above tags.

How would I strip out all punctuation? Here's what I have so far but it is stripping out all text:
//STRIP TAGS

function strip_selected_tags($document){

$search = array('@<script[^>]*?>.*?</script>@si',  // Strip out javascript

               '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags

               '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly

               '@<![\s\S]*?--[ \t\n\r]*>@',         // Strip multi-line comments including CDATA

			   	'@\[\]\(\)',							// URL brackets

				'@:;\'_\*%@&?!',						// URL space before

				'@\.,:;\'\-_\*@&\/\\\\\?!#',			// URL space after

				'@\.,:;\'\-_\*%@&\/\\\\\?!#',		// URL all

				'@\'"\*<>'							// Special Quotes

);

$text = preg_replace($search, '', $document);

return $text;

}

Open in new window

0
 
LVL 54

Expert Comment

by:b0lsc0tt
ID: 21888415
What punctuation exactly?  There isn't a regex shorthand for punctuation so you will need to specify the specific characters in a class (e.g. [.,-]).

Do you have a line above that is trying to do this and not working?  From your comment it seems like that is the case but I don't see any line that is even trying to remove punctuation.

bol
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 54

Expert Comment

by:b0lsc0tt
ID: 21902983
Please explain why your post at http:#21885891 should be an answer.  What is the status of this?  Why did you try to close this by accepting one of your comments that just asks a question?

Also it isn't appropriate to try to close a question with one of your comments if you haven't responded to all expert posts.

bol
0
 
LVL 1

Author Comment

by:Guest85
ID: 21903347
Sorry if I did this incorrectly. I'm new to this. And still figuring out how all this works regarding accepting solutions, giving points, monitoring questions, etc. I figured the script out over the weekend.
0
 
LVL 1

Accepted Solution

by:
Guest85 earned 0 total points
ID: 21903644
I previously asked if $document needed to be assigned or not. Well...It doesn't. No one gave me any specific answers to what I needed to fix or what was missing. So I played around with the script and the variables for a while and figured it out. I previously did not specify where the funciton was used. I had:

$checking = ($_POST['checking']);

I figured out that I needed to place the strip_selected_tags before the $_POST

Also, I needed to strip punctuation from being submitted to the database. So I figured that out other than the [ ] (square brackets) but I don't think those are a big deal. I tried 1 and 2 backslashes before each but that didn't work. So I just stopped trying as I don't think they'll be a problem.
//STRIP TAGS

function strip_selected_tags($document){

$search = array('@<script[^>]*?>.*?</script>@si',  // Strip out javascript

               '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags

               '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly

               '@<![\s\S]*?--[ \t\n\r]*>@',         // Strip multi-line comments including CDATA

			   '[[~`!@#$%^&*(){}|\<>?/.,"\\\';:_\+=-\[\]]]',	// Special characters and punctuation

);

$text = preg_replace($search, '', $document);

return $text;

}
 

//setup variables

$checking = strip_selected_tags($_POST['checking']);

Open in new window

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Calculate values in an array 18 35
PHP Healthcheck 2 85
Could you point a way to form a view's combo based on Codeigniter's results? 4 20
Update from TABLE-A to TABLE-B 5 39
This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now