How do I strip code from an html form?

Forum Moderators: coopster

Message Too Old, No Replies

How do I strip code from an html form?

I don't want code from any programming/scripting language to function.

cgcody

8:00 pm on Oct 12, 2006 (gmt 0)

How would I go about creating these safety measures for something like a blog/forum? There must be a function that says everything inside of >here< is just plain text.

Thanks. :)

Habtom

9:01 pm on Oct 12, 2006 (gmt 0)

htmlentities would make it plain.

Hab

coopster

9:06 pm on Oct 12, 2006 (gmt 0)

You can also use strip_tags [php.net] or regular expressions [php.net].

cgcody

11:14 pm on Oct 12, 2006 (gmt 0)

Thank you both. I looked into all of those, and htmlentities led me to htmlspecialchars. This seems to be what I'm looking for, as I don't want people to be able to use html code either. I simply want anything and everything printed as it was typed. (Never know when I'm going to have a conversation about code. *shrugs*)

I've done a few tests, but can anyone reassure me that there is no way around this. Any special sequence of text that would allow malicious users to do harm?

By the way, I'm creating a databaseless system. I guess that could be useful information.

Thanks again. :)