ZulfadlyAshBurn Posted July 11, 2011

I have just finished coding the front end of my social integration site for my CCA. I'm having a slight problem in preventing users from posting cross-site scripting or typing scripts in the text box. How can I disallow/disable users from typing <scripts> in the text area and sending them to the server?

This is my script:

```html
<form>
<textarea id="textfm" name="text" onclick="this.innerHTML = '';" onKeyPress="return submitenter(event)">Say something...</textarea>
<input type="button" value="Share!" onClick="ajaxSubmit();"/>
```

The ajax all works. This is where it saves the code:

```php
// Wrap the submitted text in the post markup (icon, author link, timestamp).
$text = "<img src='images/say.png' height='20px'/><a href='#'>Anonymous</a> " . $text . "<p style='float:right; color:#C0C0C0' align='right'><img ALIGN=ABSMIDDLE src='images/clock.png' height='20px'> " . date("d/m/y : H:i:s", time()) . "</img></p><hr color='#F0F0F0' width='100%' size='1'/>";
$rip = $_SERVER['REMOTE_ADDR'];
// Append the post to the shared log file.
$fp = fopen('log.txt', 'a+');
fwrite($fp, $text);
fclose($fp);
// Record the poster's IP address.
$fp = fopen('ip.txt', 'a+');
fwrite($fp, $rip);
fclose($fp);
// Send the whole log back to the page.
readfile('log.txt');
} // closes an enclosing block that is not shown in the post
```

Link to comment: https://forums.phpfreaks.com/topic/241712-help/
premiso Posted July 11, 2011

htmlentities, strip_tags, preg_replace are all viable solutions to your problem.

And next time, choose a better, more descriptive subject title. Help is just so fuckin annoying.
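The three functions named in the answer above, run side by side on the kind of text the form accepts. This is an added example, not code from the thread: `encode_post()` and `build_entry()` are hypothetical names, the entry markup is a shortened form of the poster's, and the sample inputs are constructed.

```php
<?php
// Added example, not the poster's code. encode_post() and build_entry() are hypothetical names.

// Encode user text for an HTML body context: <, >, &, " and ' become entities,
// so the browser displays the characters instead of parsing them as markup.
function encode_post(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build one log entry. The thread's script writes HTML to log.txt and later
// sends it with readfile(), so the user text has to be encoded before fwrite().
function build_entry(string $text, int $when): string
{
    return "<a href='#'>Anonymous</a> " . encode_post($text)
         . "<p style='float:right'>" . date('d/m/y : H:i:s', $when) . "</p><hr/>\n";
}

// Constructed sample inputs: one with a script tag, one that is ordinary text
// containing characters that are special in HTML.
$samples = [
    'Hello <script>alert(1)</script> world',
    'Is 1<2 & 3>2? "yes"',
];

foreach ($samples as $s) {
    echo "input        : $s\n";
    // Encoding keeps every character of the input and makes it inert.
    echo "htmlentities : " . htmlentities($s, ENT_QUOTES, 'UTF-8') . "\n";
    // strip_tags() deletes anything that looks like a tag; it does not validate
    // HTML, so it can also delete legitimate text, and it leaves & and quotes as-is.
    echo "strip_tags   : " . strip_tags($s) . "\n";
    // A pattern removes only the tag it names; other markup passes through unchanged.
    echo "preg_replace : " . preg_replace('#</?script[^>]*>#i', '', $s) . "\n";
    // What would be written to log.txt (constructed fixed timestamp 0).
    echo "entry        : " . build_entry($s, 0) . "\n";
}
```

Running it with the PHP CLI prints each variant for both inputs, which makes the difference between encoding the text and deleting parts of it visible.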
ZulfadlyAshBurn (Author) Posted July 11, 2011

Thanks dude. I will try it out. Haha. Alright. Helps kinda sucks now.
Kustom_Vegas Posted July 11, 2011

This is assuming that you are passing your form and validating your form data with PHP and not JS, which I assume that you are.
ZulfadlyAshBurn (Author) Posted July 11, 2011

Yes, I am using ajax to pass the form to a PHP script which validates the form and passes back the output to the page.