
Thread: How to not allow users to input html or php in a textbox?

  1. #1

    Thread Starter
    Fanatic Member
    Join Date
    May 2009
    Posts
    876

    How to not allow users to input html or php in a textbox?

    Hi there,

    I have an HTML form on my website, where users can update their account profile. Now when the form's submitted it inputs the data they entered into a MySQL database.

    I've noticed that people are able to put HTML into the box, which is then put in the database. When people go to their profiles it will run the HTML code, so if I put a meta refresh in the box and go on my profile it will refresh it, as it's running the HTML code.

    Is there any way I can make it disable HTML being put into the text box / database?

    If so what is the best way?

    Fairly new to PHP so any examples would be appreciated.

    Thanks
    Jamie

  2. #2
    Addicted Member
    Join Date
    Feb 2010
    Location
    Damascus - Syria
    Posts
    145

    Re: How to not allow users to input html or php in a textbox?

    Hi,

    Use the strip_tags function in PHP like this:

    PHP Code:
    <?php
    $text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
    // strip_tags() removes HTML tags and comments from the string
    echo strip_tags($text);
    // source: php.net
    ?>
    The above example will output: Test paragraph. Other text

    More information: http://www.php.net/manual/en/function.strip-tags.php

  3. #3
    I'm about to be a PowerPoster!
    Join Date
    Jan 2005
    Location
    Everywhere
    Posts
    13,647

    Re: How to not allow users to input html or php in a textbox?

    Use parameters to enter user input into a database. When emitting it as HTML, first pass it through either htmlspecialchars or htmlentities.
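
The approach from post #3 (bound parameters on the way into the database, htmlspecialchars on the way out), as an added example that is not part of the original thread. The `profiles` table, its `bio` column and the function names are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Added example, not code from the thread.
// Assumed schema: profiles(user_id, bio). SQLite in memory replaces MySQL here;
// with MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profiles (user_id INTEGER PRIMARY KEY, bio TEXT)');
$pdo->exec("INSERT INTO profiles (user_id, bio) VALUES (1, '')");

// Store the text exactly as submitted. The value travels as a bound
// parameter, so it is never concatenated into the SQL statement.
function save_bio(PDO $pdo, int $userId, string $bio): void
{
    $stmt = $pdo->prepare('UPDATE profiles SET bio = :bio WHERE user_id = :id');
    $stmt->execute([':bio' => $bio, ':id' => $userId]);
}

// Escape at output time. ENT_QUOTES also encodes ' and ", so the result is
// safe inside a quoted attribute value as well as in element content.
function render_bio(PDO $pdo, int $userId): string
{
    $stmt = $pdo->prepare('SELECT bio FROM profiles WHERE user_id = :id');
    $stmt->execute([':id' => $userId]);
    $bio = $stmt->fetchColumn();
    if ($bio === false) {
        return ''; // no such profile
    }
    return htmlspecialchars((string) $bio, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input modelled on the meta refresh case from post #1.
$submitted = '<meta http-equiv="refresh" content="0"> Jamie\'s "profile" <b>text</b>';
save_bio($pdo, 1, $submitted);

// The markup is shown to the visitor as literal text instead of being
// interpreted by the browser.
echo '<p>' . render_bio($pdo, 1) . "</p>\n";
echo '<input type="text" name="bio" value="' . render_bio($pdo, 1) . "\">\n";
```

Unlike strip_tags, this keeps the user's text intact in the database and only changes how it is written into the page.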
