views: 50
answers: 2

I have a comment form on my website; at the moment I filter out all HTML and turn it into plain text, and also replace bad words with funny words. I want to be able to allow users to post images. I couldn't see how to incorporate this into the comment page, so I have set it up on a separate page dedicated to users posting images. But I still don't want to allow any other HTML except img. Also, protect from SQL injection.

Does anyone have any ideas?

Thanks.

+2  A: 

Yes, you can pass a list of allowable tags to php's strip_tags() function:

// Keeps <img> tags (with all of their attributes); every other tag is stripped.
$clean_text = strip_tags($html_text, "<img>");
Gus
Yes, you can, but I'd rather not have all kinds of JavaScript in `on*` attributes on my site. Be sure to clear out any attribute except for `src` (and possibly `alt`/`title`).
Wrikken
Didn't even think of that. How would you do that?
Ascherer
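The follow-up question above (how to keep only `src`/`alt`/`title` after `strip_tags()`) and the SQL-injection part of the original question are not answered in the thread. The following is an added example, not code from any of the posters: `strip_tags()` does the first pass, a DOMDocument pass rebuilds each `<img>` from an attribute allowlist and drops any `src` that is not an absolute http(s) URL, and a PDO prepared statement stores the result. The table and column names in `store_comment()` and the sample input are constructed for the example.

```php
<?php
// Added example: attribute allowlisting after strip_tags(), plus a prepared insert.

function sanitize_image_comment(string $input): string
{
    // Pass 1: strip_tags() drops every tag except <img>, but it leaves the
    // <img> attributes (onerror, style, ...) untouched, so a second pass is needed.
    $stripped = strip_tags($input, '<img>');

    // Pass 2: parse the remaining markup and rebuild it from an allowlist.
    $allowed = ['src', 'alt', 'title'];
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // tolerate malformed user markup
    $doc->loadHTML(
        '<?xml encoding="UTF-8"><div>' . $stripped . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD
    );
    libxml_clear_errors();

    $out  = '';
    $root = $doc->getElementsByTagName('div')->item(0);
    foreach ($root->childNodes as $node) {
        if ($node->nodeType === XML_TEXT_NODE) {
            // Plain text is re-escaped so it cannot form new markup on output.
            $out .= htmlspecialchars($node->nodeValue, ENT_QUOTES, 'UTF-8');
            continue;
        }
        if ($node->nodeType !== XML_ELEMENT_NODE || strtolower($node->nodeName) !== 'img') {
            continue; // nothing else is allowed through
        }
        $src = $node->getAttribute('src');
        // Only absolute http/https URLs; this rejects javascript:, data:, vbscript: etc.
        if (!preg_match('#^https?://[^\s"\'<>]+$#i', $src)) {
            continue;
        }
        $attrs = '';
        foreach ($allowed as $name) {
            if ($node->hasAttribute($name)) {
                $attrs .= sprintf(
                    ' %s="%s"',
                    $name,
                    htmlspecialchars($node->getAttribute($name), ENT_QUOTES, 'UTF-8')
                );
            }
        }
        $out .= '<img' . $attrs . '>';
    }
    return $out;
}

// The SQL-injection part: never interpolate user input into the query string.
// Table/column names are assumptions for this example.
function store_comment(PDO $pdo, int $userId, string $cleanHtml): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO image_comments (user_id, body, created_at) VALUES (:uid, :body, NOW())'
    );
    $stmt->execute([':uid' => $userId, ':body' => $cleanHtml]);
}

// Constructed sample input for the demo.
$dirty = 'look <b>here</b> <img src="javascript:alert(1)" onerror="alert(1)">'
       . '<img src="https://example.com/cat.png" alt="a cat" style="width:9999px">';
echo sanitize_image_comment($dirty), PHP_EOL;
```

The second `<img>` survives with only `src` and `alt`; the first is dropped because its `src` is not an http(s) URL, and the `<b>` tag is removed by `strip_tags()` while its text is kept. Storing the already-sanitized HTML still goes through a bound parameter, since the filter above protects the browser, not the database.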
+3  A: 

Two decent methods would be using Tidy or HTMLPurifier. Both filter HTML very well and are highly customizable to suit your needs.

With Purifier (I speak from experience, as I have used it), it will allow you to add something like:

img[src,alt,title] 

to the allowed-tags property, which allows only those attributes on the img tag. See the website for more information and usage.

Brad F Jacobs
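As an added example of the HTMLPurifier approach (not the answerer's own code): the `HTML.Allowed` directive takes the element/attribute pattern the answer describes, written with `|` between attribute names as in the HTMLPurifier documentation, and `URI.AllowedSchemes` restricts image sources to http(s). It assumes the library was installed with Composer so that `vendor/autoload.php` exists; the sample input is constructed.

```php
<?php
// Added example: HTMLPurifier configured so that <img src alt title> is the only markup kept.
require_once __DIR__ . '/vendor/autoload.php'; // assumption: Composer install

function make_image_only_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Only <img> is allowed, and on it only these three attributes.
    $config->set('HTML.Allowed', 'img[src|alt|title]');
    // Only http/https sources; javascript:, data: and other schemes are rejected,
    // and an <img> whose src is rejected is removed entirely.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // No on-disk definition cache for this demo; point Cache.SerializerPath at a
    // writable directory in production instead.
    $config->set('Cache.DefinitionImpl', null);
    return new HTMLPurifier($config);
}

// Constructed sample input for the demo.
$dirty = '<p>hi</p><img src="javascript:alert(1)" onerror="alert(1)">'
       . '<img src="https://example.com/a.png" alt="cat" style="width:9999px">'
       . '<script>alert(2)</script>';
$purifier = make_image_only_purifier();
echo $purifier->purify($dirty), PHP_EOL;
```

Disallowed tags such as `<p>` are removed but their text is kept, `<script>` is removed with its contents, and on the surviving `<img>` every attribute outside the allowlist is dropped.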