I have a notice board that has public access in PHP. The data is saved in a MySQL db. How can I prevent the user from inserting PHP scripts or lines of code into the database?
If you only want to display data in html, the simplest way is to use htmlspecialchars() that replaces things like < and quotes to the html entities like <, which don't execute.
