validating textarea

hi,

can anybody please tell me how to avoid the user from entering any html code like '<','>', any other malicious characters in textarea using javascript/php.


thanks
mrjameer

i supose one way is to change all "<" to "%3C" which is the html entitie for it, this will stop it doing anything harmfull and will just display as a < in the browser view (in the source code it will be %3C)

php has a function to change all html chars to their entities.

htmlentities()

Form..

<form method="post" action="go.php">
<textarea name="text"></textarea>
<input type="submit" value="go!!">
</form>


go.php

<?php
echo htmlentities($_POST[text]);
?>