-
Form Validation
Here's a tricky one. I'm working on a bulletin board (The Hobo's thread inspired me to try) and it's all going well, but I'm worried about one thing. What I do is take their input for a thread from the textarea and run it through a PHP function that does some standard str_replaces... but my problem is, how do I know when to take out stuff if they slap a <? in the textarea? I don't want them to put <? phpinfo() ?> in the message of my message board and then have it print out the actual PHP info or other things. How can I avoid that?
-
Run their input through the htmlspecialchars function, it will solve all your problems at once :cool:
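
The suggestion above applied to a stored board post at output time, as an added example that is not part of the original thread. The function name `render_post` and the sample message are constructed for illustration.

```php
<?php
// Added example: escape a stored bulletin-board post when it is displayed.
// render_post() is a hypothetical helper; the sample message is constructed.

function render_post(string $raw): string
{
    // ENT_QUOTES escapes both single and double quotes, so the result is
    // also safe inside a quoted attribute value. ENT_SUBSTITUTE replaces
    // invalid UTF-8 sequences instead of returning an empty string.
    $escaped = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Turn textarea newlines into <br> only after escaping, so the only
    // markup in the output is markup generated here.
    return nl2br($escaped, false);
}

// Constructed input: the tag from the question, some HTML, and characters
// that have special meaning in HTML.
$message = "<? phpinfo() ?>\n<b>bold</b>\nI like \"quotes\" & ampersands";

// The angle brackets, quotes and ampersand come out as entities, so the
// browser shows the text literally instead of interpreting it.
echo render_post($message), "\n";
```

Storing the raw text and escaping each time it is printed keeps the database copy unmodified and avoids double-escaping when a post is edited.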
-
Wow, that's a great function, I never knew they had that. Thanks.
-
Yep, PHP is full of little gems like that :)