...

View Full Version : Form that doesnt allow html



Ndogg
11-01-2009, 04:23 AM
I have a form for your name and when they click submit, there name is displayed in a list and the name is put in a database. But everyone seems to want to use html to mess up the site so how do you make it so what they type in is only text stuff and not html?

A very simple form:


<center>
<form action="index.php" method="POST">
<font color="white">Name </font> <input type="text" name="name"/>
<input type="submit" value="Click!" />
</form>
</center>

bazz
11-01-2009, 05:34 AM
You need to clean and verify all data that could be inputted through a form, otherwise you risk having your db deleted.

what sort of database are you using?

bazz

Ndogg
11-01-2009, 05:45 AM
Its mysql5, Iv pretty much deleted everything that was messing up my site.

bazz
11-01-2009, 06:31 AM
You'll need to use regexes etc, to make sure that only the characters you want to be allowed, are allowed.

bazz

abduraooft
11-01-2009, 01:50 PM
You may strip_tags() (http://php.net/strip_tags)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum