mesh2005 Posted June 26, 2007 Share Posted June 26, 2007 I want to add client-side (JS) and server-side (PHP) checks to prevent users from entering HTML into a textarea, how can I do so? Thank you Quote Link to comment Share on other sites More sharing options...
TripleDES Posted June 26, 2007 Share Posted June 26, 2007 I found this function for you in PHP: strip_tags( ) PHP won't prevent the user from entering HTML, but this function will strip it out. Quote Link to comment Share on other sites More sharing options...
corillo181 Posted June 26, 2007 Share Posted June 26, 2007 you could use java script to see if they used anything other then simple text and numbers.. so check in to javascript.. php needs for you to submit the text so the user can enter it, but it wont work ..but with javascript they can't enter it at all. Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted June 26, 2007 Share Posted June 26, 2007 Implement both but javascript can be disabled so you MUST check server side to ensure no html is entered to be absolutely sure. Quote Link to comment Share on other sites More sharing options...
Azu Posted July 11, 2007 Share Posted July 11, 2007 Don't even bother with the javascript. Anyone wanting to find exploits is going to have javascript either completely killed, or just block whatever protection you put in it. And on top of that, you will only piss off legitimate users, maybe forcing them to just give up entirely and not try to use the form ever again. Just let PHP remove any bad data. No problems then. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.