View Full Version : Form that doesnt allow html

Nov 1st, 2009, 04:23 AM
I have a form for your name and when they click submit, there name is displayed in a list and the name is put in a database. But everyone seems to want to use html to mess up the site so how do you make it so what they type in is only text stuff and not html?

A very simple form:

<form action="index.php" method="POST">
<font color="white">Name </font> <input type="text" name="name"/>
<input type="submit" value="Click!" />

Nov 1st, 2009, 05:34 AM
You need to clean and verify all data that could be inputted through a form, otherwise you risk having your db deleted.

what sort of database are you using?


Nov 1st, 2009, 05:45 AM
Its mysql5, Iv pretty much deleted everything that was messing up my site.

Nov 1st, 2009, 06:31 AM
You'll need to use regexes etc, to make sure that only the characters you want to be allowed, are allowed.


Nov 1st, 2009, 01:50 PM
You may strip_tags() (http://php.net/strip_tags)