Die if form has HTML thats been submitted

[Jamie_Lyons]

How can i do this.

 

Basically, I want the form to die if it has HTML in it. 

 

as people have been submitting things and cancelling out the text area (Vandalizing The Page)

 

Could anyone help me on doing this?

 

-Jamie

 

(I know how to do it if the ONLY text submitted is HTL, but I need it if it has that in alongside other text)

Edited June 25, 2013 by Jamie_Lyons

[boompa]

Not sure this would work, but my first thought on a simple solution would be to run strip_tags on the form input and compare the length of the resulting string; if it was shorter, then there were tags removed. You could then make the assumption that HTML was submitted and die.

Edited June 25, 2013 by boompa

[Jamie_Lyons]

Not sure this would work, but my first thought on a simple solution would be to run strip_tags on the form input and compare the length of the resulting string; if it was shorter, then there were tags removed. You could then make the assumption that HTML was submitted and die.

Realised on IRC, didn't even know what strip tags was until i needed it

 

Thanks anyway.

 

-Jamie

[denno020]

a very simple way would be to do a preg match to match for greater-than and less-than symbols, which would indicate opening and closing tags.

 

Something very simple like this would be a start:

preg_match("/.*<.*>.*/", $input);

Put that in an if condition, as it will return true if it matches.

 

Hope that helps.

 

Denno

Edited June 25, 2013 by denno020

[Irate]

Why not just use htmlspecialchars() or mysql(i)_real_escape_string()?