How to not allow users to input html or php in a textbox?

**JamieWarren09** · Jan 29th, 2012, 03:09 PM

Hi there,

I have a html form on my website, where users can update their account profile. Now when the forms submitted it inputs the data they entered into a mysql database..

I've noticed that people are able to put html into the box which is then put in the database. when people go to their profiles it will run the html code, so if i put meta refresh in box and go on my profile it will refresh it as its running the html code.

is there anyway i can make it disable html being put into the text box / database?

If so what is the best way?

Fairly new to PHP so any examples would be appreciated.

Thanks
Jamie

**fjober** · Jan 29th, 2012, 06:44 PM

hi

use strip_tags function in PHP like this:

PHP Code:


<?php
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo strip_tags($text);
// source: php.net
?>

above example will output: Test paragraph. Other text

more information on: http://www.php.net/manual/en/function.strip-tags.php

**penagate** · Jan 30th, 2012, 05:05 PM

Use parameters to enter user input into a database. When emitting it as HTML, first pass it through either htmlspecialchars or htmlentities.

Thread: How to not allow users to input html or php in a textbox?

Thread Tools

Display

How to not allow users to input html or php in a textbox?

Re: How to not allow users to input html or php in a textbox?

Re: How to not allow users to input html or php in a textbox?

Posting Permissions