N-Bomb(Nerd)
Posted June 11, 2010

Hello, I have a website where users are able to register. I'd like to be able to greet the user by their username, much like "Welcome, UsernameHere". However, they're able to register with a name like <b>Bold</b> and when outputting the welcome their username is "Bold", but it's actually bold. Is there a way to actually output whatever the person registers as without actually executing it? I don't have a problem with the database part because I'm using prepared statements, but this part is seeming to stump me pretty well.

thomashw
Posted June 11, 2010

Use the htmlspecialchars function. http://php.net/manual/en/function.htmlspecialchars.php

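The htmlspecialchars approach from the answer above, as an added example that is not part of the original thread. The helper name e(), the markup and the sample usernames are constructed here, and the ENT_SUBSTITUTE flag assumes PHP 5.4 or later.

```php
<?php
// Added example: helper name, markup and sample values are constructed.

/**
 * Encode a value for HTML element content or a quoted attribute value.
 * ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
 * ENT_SUBSTITUTE replaces invalid UTF-8 sequences with U+FFFD instead of
 * making htmlspecialchars() return an empty string.
 */
function e($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed usernames, as they might come back from the database.
// The stored value stays exactly as the user typed it; encoding happens
// only at the point where it is written into HTML.
$usernames = array(
    'alice',
    '<b>Bold</b>',
    'Dave "The Rave"',
    "O'Brien & Sons",
);

foreach ($usernames as $name) {
    // Before: the raw value is concatenated into the page, so the browser
    // parses any markup in it.
    $raw = '<p>Welcome, ' . $name . '</p>';

    // After: the same value encoded for element text and for a quoted
    // attribute value.
    $encoded = '<p title="Profile of ' . e($name) . '">Welcome, ' . e($name) . '</p>';

    echo "raw:     $raw\n";
    echo "encoded: $encoded\n\n";
}
```

Sent through e(), the name <b>Bold</b> reaches the browser as &lt;b&gt;Bold&lt;/b&gt; and is displayed literally rather than rendered as bold text.
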
JasonLewis
Posted June 11, 2010

When inserting data into a database, I would also recommend using mysql_real_escape_string.