Prevent Html Data From Being Posted Into Form Textboxes
I'm making a web application using PHP in which I have a form that makes entries into a MySQL database and later displays them on another webpage. But the problem is that the text bo
Solution 1:
htmlspecialchars is one of your friends for that. You may also want to replace UTF-8, hex-encoded or entitified versions of < to keep obfuscated script from getting through.
Solution 2:
htmlspecialchars is one way to prevent XSS
strip_tags also strips out PHP tags
also make sure to use mysqli_real_escape_string or the like to prevent SQL injection
UPDATE: in response to your update, the simplest way to do that would be to use one of the many Markdown syntaxes à la Daring Fireball. Since Markdown syntax is not HTML/PHP tags, it should pass through the PHP functions without problem, but I have never implemented this myself, so YMMV.
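The two answers above, put together as an added example that is not part of either original answer: the submitted text is stored unchanged and encoded with htmlspecialchars when it is displayed. Assumptions: the `entries` table, its `body` column and the `e()` helper are hypothetical names, the inputs are constructed, SQLite in memory (via PDO) stands in for MySQL so the script runs offline, and bound parameters are used in place of mysqli_real_escape_string.

```php
<?php
declare(strict_types=1);
// Added example: table, column, helper name and sample inputs are constructed.

/** Encode untrusted text for an HTML body or a quoted attribute value. */
function e(string $text): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of making the function return an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumption: SQLite in memory stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed form submissions.
$submissions = [
    'Plain text entry',
    '<script>alert(1)</script>',
    '" onfocus="alert(1)',              // contains no tags: strip_tags() leaves it unchanged
    "Robert'); DROP TABLE entries;--",  // SQL metacharacters in ordinary input
];

// Store the raw text through a bound parameter, so the value is never
// concatenated into the SQL string.
$insert = $db->prepare('INSERT INTO entries (body) VALUES (:body)');
foreach ($submissions as $body) {
    $insert->execute([':body' => $body]);
}

// Encode at output time, once, for the HTML context being written.
foreach ($db->query('SELECT body FROM entries ORDER BY id') as $row) {
    $raw = $row['body'];
    echo '<p>' . e($raw) . "</p>\n";                          // element content
    echo '<input type="text" value="' . e($raw) . "\">\n";   // quoted attribute
}

// All four rows are still present: the DROP TABLE text was stored as data.
echo (int) $db->query('SELECT COUNT(*) FROM entries')->fetchColumn(), " rows\n";
```

The third submission shows why strip_tags alone is not enough for a textbox value: it has no tags to strip, and only the quote encoding from ENT_QUOTES keeps it inside the value attribute.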