Nine_ Posted June 23, 2008 Share Posted June 23, 2008 Hi all I'm having a problem now. In my script, I have a form to post a message (like this one), when a user posts a message every thing goes fine, but there is a problem when retrieving a message from the database. Like if the message is just normal message then there is no error, but if a user posted some "HTML" tags with the message (like "</table>","</body>") then an error will appear, anyone please help me about this. Nine Link to comment https://forums.phpfreaks.com/topic/111510-problem-with-html-tags/ Share on other sites More sharing options...
waynew Posted June 23, 2008 Share Posted June 23, 2008 When you take their post in, use: $users_post = htmlentities($_POST['message']); Link to comment https://forums.phpfreaks.com/topic/111510-problem-with-html-tags/#findComment-572267 Share on other sites More sharing options...
waynew Posted June 23, 2008 Share Posted June 23, 2008 I also hope that you're sanitizing this input. By the sounds of things, you're giving people the freedom to enter whatever they like. Make sure you're using the: mysql_real_escape_string() on ALL of the data coming in from your users. So, your post could be: $user_post = mysql_real_escape_string(htmlentities($_POST['users_forum_message'])); Link to comment https://forums.phpfreaks.com/topic/111510-problem-with-html-tags/#findComment-572272 Share on other sites More sharing options...
dannyb785 Posted June 23, 2008 Share Posted June 23, 2008 htmlentities and filtering aside, there's no reason there should be an error when html tags are input. When you say there is an error, what kind of error is it? Link to comment https://forums.phpfreaks.com/topic/111510-problem-with-html-tags/#findComment-572278 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.