not allowing html in a text area ...

[imarockstar]

I have a form that allows people to post content in a regular TEXTAREA :

 

<h2 class='boxtitle'>Meta Description</h2>
<textarea class=editblocktext name='metadesc' >
<? echo $rows['metadesc']; ?>
</textarea> 
<br><br>

 

but I do not want the user to throw any html,css,php or javascript in there .. how can this be prevented ?

 

thx

b

 

 

[ted_chou12]

<h2 class='boxtitle'>Meta Description</h2>
<textarea class=editblocktext name='metadesc' >
<? echo htmlentities($rows['metadesc']); ?>
</textarea> 
<br><br>

Ted

[Caesar]

<?php

  $message = htmlspecialchars(strip_tags($_POST['message']));

?>

[Caesar]

http://us2.php.net/strip_tags

 

For more info on strip_tags()

[imarockstar]

awesome .. i knew it was something like that .. I just had the wrong function ..

 

what would be the correct IF statement to send an error message that you entered HTML and that it is not allowed ?

 

like --

 

IF 'html code is entered'
echo "you can not enter html code";

 

 

 

[elite_prodigy]

Try:

 

if(strip_tags($string)){

 

echo 'No HTML!';

 

}

 

Otherwise, you'll mostlikely need to search the string for a <> pair and return the error.

 

I would just put a notice above the textbox.

 

 

[imarockstar]

so if I want to allow html tags but not JAVAScript or PHP ... do I have to use the "allowed tags" function ?

 

b