Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Jun 2009
    Posts
    278
    Thanks
    78
    Thanked 2 Times in 2 Posts

    Form that doesnt allow html

    I have a form for your name and when they click submit, there name is displayed in a list and the name is put in a database. But everyone seems to want to use html to mess up the site so how do you make it so what they type in is only text stuff and not html?

    A very simple form:

    Code:
    <center>
    <form action="index.php" method="POST">
    <font color="white">Name </font> <input type="text" name="name"/>
    <input type="submit" value="Click!" />
    </form>
    </center>

  • #2
    Master Coder
    Join Date
    Apr 2003
    Location
    in my house
    Posts
    5,211
    Thanks
    39
    Thanked 201 Times in 197 Posts
    You need to clean and verify all data that could be inputted through a form, otherwise you risk having your db deleted.

    what sort of database are you using?

    bazz
    "The day you stop learning is the day you become obsolete"! - my late Dad.

    Why do some people say "I don't know for sure"? If they don't know for sure then, they don't know!
    Useful MySQL resource
    Useful MySQL link

  • Users who have thanked bazz for this post:

    cincinnatiboy4867 (11-01-2009)

  • #3
    Regular Coder
    Join Date
    Jun 2009
    Posts
    278
    Thanks
    78
    Thanked 2 Times in 2 Posts
    Its mysql5, Iv pretty much deleted everything that was messing up my site.

  • #4
    Master Coder
    Join Date
    Apr 2003
    Location
    in my house
    Posts
    5,211
    Thanks
    39
    Thanked 201 Times in 197 Posts
    You'll need to use regexes etc, to make sure that only the characters you want to be allowed, are allowed.

    bazz
    "The day you stop learning is the day you become obsolete"! - my late Dad.

    Why do some people say "I don't know for sure"? If they don't know for sure then, they don't know!
    Useful MySQL resource
    Useful MySQL link

  • #5
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,866
    Thanks
    160
    Thanked 2,224 Times in 2,211 Posts
    You may strip_tags()
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •