BBCode

[Carbine]

I remember reading up and this, and I modified it to my liking and added my own codes a while back. Could be useful, although the youtube one is kind of a let down It works, you just need the video id code. I'm sure you you can do full links if you use an explode() and substr(), I haven't got around to that yet. Anway, less of the boring stuff, more of the code:

function bbcode($text) {
	$search = array(
		'/\[b\](.*?)\[\/b\]/is',                                
		'/\[i\](.*?)\[\/i\]/is',                                
		'/\[u\](.*?)\[\/u\]/is',
		'/\[img\](.*?)\[\/img\]/is',
		'/\[url\](.*?)\[\/url\]/is',
		'/\[url\=(.*?)\](.*?)\[\/url\]/is',
		'/\[size\=(.*?)\](.*?)\[\/size\]/is',
		'/\[colour=(.*?)\](.*?)\[\/colour\]/is',
		'/\[center\](.*?)\[\/center\]/is',
		'/\[right\](.*?)\[\/right\]/is',
		'/\[left\](.*?)\[\/left\]/is',
		'/\[youtube\](.*?)\[\/youtube\]/is'
		);

	$replace = array(
		'<strong>$1</strong>',
		'<em>$1</em>',
		'<u>$1</u>',
		'<img src="$1" />',
		'<a href="$1">$1</a>',
		'<a href="$1">$2</a>',
		'<font size="$1">$2</font>',
		'<font color="$1">$2</font>',
		'<center>$1</center>',
		'<div style="text-align:right;">$1</div>',
		'<div style="text-align:left;">$1</div>',
		'<iframe title="YouTube video player" width="640" height="390" src="http://www.youtube.com/embed/$1" frameborder="0" allowfullscreen></iframe>'
		);

	$bb = preg_replace ($search, $replace, $text);

	return $bb;
}

[jacek]

htmlentities is needed somewhere to prevent xss attacks

Saying that, its not necessarily something this function should do.

[Carbine]

yeah, I always use htmlentities(), just not needed in the function. I would go around to using

htmlentities(bbcode("[\b]Nice[\/b]"))

or whatever it is.
P.S Had to put \ there to let the Syntax-php work...(Only in this post, first post is correct)

[FrederickGeek8]

Thanks This is great.

[FrederickGeek8]

This is a great Rich-text to BBCode editor that you can throw on your website. It works well with this tutorial.

Also I update the list for more items and security (just to save people some work)

function bbcode($text) {
        $text = htmlentities($text);
        $search = array(
                '/\[b\](.*?)\[\/b\]/is',                                
                '/\[i\](.*?)\[\/i\]/is',                                
                '/\[u\](.*?)\[\/u\]/is',
                '/\[s\](.*?)\[\/s\]/is',
                '/\[sub\](.*?)\[\/sub\]/is',
                '/\[sup\](.*?)\[\/sup\]/is',
                '/\[img\](.*?)\[\/img\]/is',
                '/\[url\](.*?)\[\/url\]/is',
                '/\[url\=(.*?)\](.*?)\[\/url\]/is',
                '/\[size\=(.*?)\](.*?)\[\/size\]/is',
                '/\[color=(.*?)\](.*?)\[\/color\]/is',
                '/\[center\](.*?)\[\/center\]/is',
                '/\[right\](.*?)\[\/right\]/is',
                '/\[left\](.*?)\[\/left\]/is',
                '/\[justify\](.*?)\[\/justify\]/is',
                '/\[youtube\](.*?)\[\/youtube\]/is',
                '/\[font\=(.*?)\](.*?)\[\/font\]/is',
                '/\[ul\](.*?)\[\/ul\]/is',
                '/\[ol\](.*?)\[\/ol\]/is',
                '/\[li\](.*?)\[\/li\]/is',
                '/\[code\](.*?)\[\/code\]/is',
                '/\[quote\](.*?)\[\/quote\]/is',
                '[hr]',
                '/\[email\=(.*?)\](.*?)\[\/email\]/is',
                '/\[rtl\](.*?)\[\/rtl\]/is',
                '/\[ltr\](.*?)\[\/ltr\]/is',
                '/\[table\](.*?)\[\/table\]/is',
                '/\[tr\](.*?)\[\/tr\]/is',
                '/\[td\](.*?)\[\/td\]/is',
                '/\[thead\](.*?)\[\/thead\]/is',
                '/\[tbody\](.*?)\[\/tbody\]/is',
                '/\[th\](.*?)\[\/th\]/is',
                '/\[caption\](.*?)\[\/caption\]/is'
                );
 
        $replace = array(
                '<strong>$1</strong>',
                '<em>$1</em>',
                '<u>$1</u>',
                '<del>$1</del>',
                '<sub>$1</sub>',
                '<sup>$1</sup>',
                '<img src="$1" />',
                '<a href="$1">$1</a>',
                '<a href="$1">$2</a>',
                '<font size="$1">$2</font>',
                '<a style=\'color:$1;\'>$2</a>',
                '<center>$1</center>',
                '<div style="text-align:right;">$1</div>',
                '<div style="text-align:left;">$1</div>',
                '<div style="text-align:justify;">$1</div>',
                '<iframe id="ytplayer" type="text/html" width="640" height="360"
src="https://www.youtube.com/embed/$1" frameborder="0" allowfullscreen>',
                '<a style=\'font-family:$1;\'>$2</a>',
                '<ul>$1</ul>',
                '<ol>$1</ol>',
                '<li>$1</li>',
                '<code>$1</code>',
                '<blockquote>$1</blockquote>',
                '<hr />',
                '<a href=\'mailto:$1\'>$2</a>',
                '<div style=\'direction: rtl\'>$1</div>',
                '<div style=\'direction: ltr\'>$1</div>',
                '<table>$1</table>',
                '<tr>$1</tr>',
                '<td>$1</td>',
                '<thead>$1</thead>',
                '<tbody>$1</tbody>',
                '<th>$1</th>',
                '<caption>$1</caption>'
                );
 
        $bb = preg_replace ($search, $replace, $text);
 
        return $bb;
}

[louiegiezer]

how this thing should work if i try to test this code... no idea

[ScTech]

Just call the function.

<?php echo bbcode($your_text); ?>

You can edit all the replacements in there by just editing the corresponding lines in both arrays. The extra slashes are just to make the preg_replace work. It's like any other bbcode with it seems a bit extra.

There is one XSS vulnerability I did notice with using [url] and that is you can use [url=javascript:alert(String.fromCharCode(88, 83, 83));] (Just as an example) so you have to watch out for that.

[louiegiezer]

i want to know how the trix.. just like the bbcode here... its automatically insert the tags on the text... if i know there's a java on it...

[ScTech]

This is a very basic method. It will not wrap around highlighted text. Replace [\b][\/b] with whatever you want your bbcode to display

<a href="#" onclick="document.getElementById('your_textarea_id').value += '[\b][\/b]'">Bold</a>

[Helx]

This is a very basic method. It will not wrap around highlighted text. Replace [\b][\/b] with whatever you want your bbcode to display

<a href="#" onclick="document.getElementById('your_textarea_id').value += '[\b][\/b]'">Bold</a>

Instead of using the hashtag (#), you should change the href to "javascript:void(0);" (minus quotes). This will hopefully stop the page from auto-scrolling to the top of the page, and keep that annoying hashtag out of the address bar.

You could also even use that "e.PreventDefault" thing, but I don't really know much about it.

[ScTech]

This is a very basic method. It will not wrap around highlighted text. Replace [\b][\/b] with whatever you want your bbcode to display

<a href="#" onclick="document.getElementById('your_textarea_id').value += '[\b][\/b]'">Bold</a>

Instead of using the hashtag (#), you should change the href to "javascript:void(0);" (minus quotes). This will hopefully stop the page from auto-scrolling to the top of the page, and keep that annoying hashtag out of the address bar.

You could also even use that "e.PreventDefault" thing, but I don't really know much about it.

I tried to enter javascript:void(0) but the syntax highlighter kept removing it. Sorry I forgot to explain that. Thanks for catching that The event.preventDefault(); method requires the JQuery library.