Hi,

Let's say I have a textarea to collect user inputs. Someone turns up and writes a html code (eg. a table of something, or a img tag with src to naked image, a div with 10000px width and height ....) instead of plain text into it. It wouldn't be nice when I print it on my website. How do I avoid it?

Thanks

If you wanting to allow some html I recommend the HTML Purifier library. Kind of bulky but does the job.

The other way to prevent it from breaking your site, is to run the text through htmlentities so it will display as text no matter what.

Thanks. strip_tags() is fine.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.