Re: Crazy user input with html in it

I run across this in all the user input forms I do. People are always trying to put weird stuff in there. Usually I just use the str_replace function to strip out unwanted characters. Cheers.

Armando

Ross Honniball wrote:
Hi all,

Say you get some text field from a user and store it in a database. Then later you display this input. If the user has coded HTML in the actual input, without running this through some kind of parsing function, it could give you some odd results.

For example, say the user types in, as text: <input type="text">

Then when you display this data (echo it), your page will show an HTML input box.

I think there are a number of functions in PHP to cope with this, but I'm wondering what people find to be the best/most efficient or whatever one.

What do you do?
..
.. Ross Honniball. JCU Bookshop Cairns, Qld, Australia.
..


--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
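
The three ways of displaying stored input that this thread touches on (raw echo, stripping characters with str_replace, and encoding on output with PHP's htmlspecialchars), shown side by side as an added example that is not part of either message. The helper names `e()` and `strip_unwanted()`, the list of stripped characters, and the sample strings are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample values, standing in for rows read back from the database.
$samples = [
    'markup typed as text' => '<input type="text">',
    'ordinary punctuation' => 'Prices: 5 < 10 & "bulk" orders > 100 get Ross\'s discount',
];

// Assumed strip list: the reply does not say which characters it removes.
function strip_unwanted(string $value): string
{
    return str_replace(['<', '>', '"', "'", '&'], '', $value);
}

// Encode at output time for HTML text or a quoted attribute value.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

header('Content-Type: text/html; charset=UTF-8');

foreach ($samples as $label => $stored) {
    echo '<h3>' . e($label) . "</h3>\n";

    // Raw echo: the browser parses the stored value as markup.
    echo '<p>raw: ' . $stored . "</p>\n";

    // Stripping: no markup is rendered, but characters the user typed are deleted.
    echo '<p>stripped: ' . strip_unwanted($stored) . "</p>\n";

    // Encoding: the browser displays exactly the characters that were stored.
    echo '<p>encoded: ' . e($stored) . "</p>\n";

    // Same helper inside a double-quoted attribute, e.g. when refilling a form.
    echo '<input type="text" name="comment" value="' . e($stored) . "\">\n";
}
```

The database keeps the input unchanged in this arrangement; the encoding is applied each time the value is written into a page.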

