Forum Moderators: coopster
Input appreciated.
RS
With PHP, before anything is inserted into the database, you can check the string for any code, which includes HTML, Perl, PHP, etc., and either remove it or pop up a message saying that only plain text is allowed in the box.
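<?php
// eregi_replace() was removed in PHP 7; preg_replace() with the /i flag stands in for it.
// The "?" is escaped so the pattern matches a literal "<?php". $_METHOD['NAME'] is the post's placeholder.
$varname = preg_replace("/<\?php[^>]*>/i", "", $_METHOD['NAME']);
?>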
Completely Strip ASP Tags
<?php
// preg_replace() with the /i flag stands in for eregi_replace(), which was removed in PHP 7.
$varname = preg_replace("/<%[^>]*>/i", "", $_METHOD['NAME']);
?>
You can then insert the original text just by using 'echo'...
<?php
// No quotes around the variable: single quotes would print the literal text $varname.
echo $varname;
?>
If you are inserting into a database, of course, then you need to specify the $varname field as the input data for the column you need to put it in.
The 'eregi_replace' function can remove anything, e.g.
eregi_replace( "<P - Paragraph Tags
eregi_replace( "<IMG - Images
You will notice in the string there is "" specified; this is what the tag is replaced with, so you could specify that the PHP, ASP, IMG, etc. are replaced with a comment or something.
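The "only plain text is allowed" option from the reply above, as an added example that is not part of the original post: input that looks like markup is rejected rather than stripped, accepted text is stored through a prepared statement, and everything is encoded on output. The function names, the `comments` table and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Added example; function names and the comments table are hypothetical.

// True when the text contains something that looks like a tag: "<" followed
// by a letter, "/", "!", "?" or "%" (HTML, PHP and ASP openers alike).
function looks_like_markup(string $text): bool
{
    return preg_match('/<[a-z\/!?%]/i', $text) === 1;
}

// Store the text as data. The prepared statement keeps the value out of the
// SQL string, whatever characters it contains.
function save_comment(PDO $db, string $text): void
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
}

// Encode on output so stored text is shown as text, not parsed as HTML.
function render_comment(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// In-memory SQLite stands in for the real database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (body TEXT NOT NULL)');

// Constructed sample submissions.
$samples = [
    'Plain text: 2 < 3 & "quotes" are fine',
    'Hello <b>world</b>',
    '<?php echo 1; ?>',
    '<% Response.Write(1) %>',
];

foreach ($samples as $input) {
    if (looks_like_markup($input)) {
        echo "Rejected (only plain text is allowed): ", render_comment($input), "\n";
        continue;
    }
    save_comment($db, $input);
}

foreach ($db->query('SELECT body FROM comments') as $row) {
    echo render_comment($row['body']), "\n";
}
```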