View Full Version : Form that doesnt allow html

11-01-2009, 04:23 AM
I have a form for your name and when they click submit, there name is displayed in a list and the name is put in a database. But everyone seems to want to use html to mess up the site so how do you make it so what they type in is only text stuff and not html?

A very simple form:

<form action="index.php" method="POST">
<font color="white">Name </font> <input type="text" name="name"/>
<input type="submit" value="Click!" />

11-01-2009, 05:34 AM
You need to clean and verify all data that could be inputted through a form, otherwise you risk having your db deleted.

what sort of database are you using?


11-01-2009, 05:45 AM
Its mysql5, Iv pretty much deleted everything that was messing up my site.

11-01-2009, 06:31 AM
You'll need to use regexes etc, to make sure that only the characters you want to be allowed, are allowed.


11-01-2009, 01:50 PM
You may strip_tags() (http://php.net/strip_tags)