-
Jan 29th, 2012, 04:09 PM
#1
Thread Starter
Fanatic Member
How to not allow users to input html or php in a textbox?
Hi there,
I have a html form on my website, where users can update their account profile. Now when the forms submitted it inputs the data they entered into a mysql database..
I've noticed that people are able to put html into the box which is then put in the database. when people go to their profiles it will run the html code, so if i put meta refresh in box and go on my profile it will refresh it as its running the html code.
is there anyway i can make it disable html being put into the text box / database?
If so what is the best way?
Fairly new to PHP so any examples would be appreciated.
Thanks
Jamie
-
Jan 29th, 2012, 07:44 PM
#2
Addicted Member
Re: How to not allow users to input html or php in a textbox?
hi
use strip_tags function in PHP like this:
PHP Code:
<?php $text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>'; echo strip_tags($text); // source: php.net ?>
above example will output: Test paragraph. Other text
more information on: http://www.php.net/manual/en/function.strip-tags.php
-
Jan 30th, 2012, 06:05 PM
#3
Re: How to not allow users to input html or php in a textbox?
Use parameters to enter user input into a database. When emitting it as HTML, first pass it through either htmlspecialchars or htmlentities.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|