imarockstar Posted December 12, 2008

I have a form that allows people to post content in a regular TEXTAREA:

<h2 class='boxtitle'>Meta Description</h2>
<textarea class=editblocktext name='metadesc' >
<? echo $rows['metadesc']; ?>
</textarea>
<br><br>

but I do not want the user to throw any html, css, php or javascript in there .. how can this be prevented?

thx
b

ted_chou12 Posted December 12, 2008

<h2 class='boxtitle'>Meta Description</h2>
<textarea class=editblocktext name='metadesc' >
<? echo htmlentities($rows['metadesc']); ?>
</textarea>
<br><br>

Ted

Caesar Posted December 12, 2008

<?php
$message = htmlspecialchars(strip_tags($_POST['message']));
?>

Caesar Posted December 12, 2008

http://us2.php.net/strip_tags

For more info on strip_tags()

imarockstar Posted December 12, 2008 Author

awesome .. I knew it was something like that .. I just had the wrong function ..

what would be the correct IF statement to send an error message that you entered HTML and that it is not allowed?

like --

IF 'html code is entered'
echo "you can not enter html code";

elite_prodigy Posted December 12, 2008

Try:

if (strip_tags($string) != $string) {
    // strip_tags() returns the cleaned string, so compare it with the original
    echo 'No HTML!';
}

Otherwise, you'll most likely need to search the string for a <> pair and return the error. I would just put a notice above the textbox.

imarockstar Posted December 12, 2008 Author

so if I want to allow html tags but not JavaScript or PHP ... do I have to use the "allowed tags" function?

b

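Added example, not part of the thread and not any poster's code: it shows the "was HTML entered?" check discussed above, and why strip_tags() with an allowed-tags list is not enough on its own to keep JavaScript out, since it leaves attributes on the allowed tags untouched. The function names, the <b>/<i>/<p> allow-list and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.

// True when the text contains anything strip_tags() would remove
// (HTML tags, comments, PHP open/close tags).
function contains_markup(string $input): bool
{
    return strip_tags($input) !== $input;
}

// Plain-text field: returns an error message when markup was submitted,
// or null when the value is acceptable.
function check_plain_field(string $input): ?string
{
    return contains_markup($input) ? 'You can not enter HTML code.' : null;
}

// Limited-HTML field: escape everything first, then re-enable only bare,
// attribute-free <b>, <i> and <p> tags (assumed allow-list). Anything that
// carries an attribute, and every other tag, stays escaped as text.
function allow_basic_tags(string $input): string
{
    $escaped = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
    return preg_replace('#&lt;(/?)(b|i|p)&gt;#i', '<$1$2>', $escaped);
}

// Constructed sample input: an allowed tag carrying an event-handler attribute.
$sample = '<b onmouseover="alert(1)">bold</b> and <i>italic</i>';

// Error message for the plain-text case.
echo check_plain_field($sample), "\n";

// strip_tags() with an allow-list keeps the tag together with its attribute.
echo strip_tags($sample, '<b><i><p>'), "\n";

// Escape-then-allow keeps the attribute-carrying tag as inert text.
echo allow_basic_tags($sample), "\n";
```

Whichever variant is used on input, the stored value still needs htmlspecialchars() or htmlentities() when it is echoed back into the textarea, as in the replies above.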