i have a form which writes some text into db. other page, f.e. news.php takes that text from db and prints. If any user uses html tags, ofcourse they are written into the db. I need to disable html because of well-known methods to 'crack' page. thanks a lot 😉
see http://www.php.net/manual/en/function.addslashes.php
Use, strip_tags(); strip_tags($string,'allowed tags');
Example...
$newstring = strip_tags($string,'<a><i><u><b>');
// you can also use htmlspecialchars($str) $text="<b>hi</b>"; echo htmlspecialchars($text);
Prints:
ltbgt hi lt/bgt [*=&] so it will print the html code to the page, just not parse it
thaks a lot 🙂 i like this forum...
