  1. #1
    New Coder

    How do you print a literal string with HTML?

    I'm trying to make a small user-input feature (think like a forum, but no threads or topics, just a list of user posts) and I want to prevent the use of HTML, JavaScript, PHP, etc. in the input.

    I plan to have it go from a text input box through a PHP script to put it in MySQL, then have it display on the page. If I just do <?php echo $post['message']; ?>, code within the message is still valid.

    It's kind of a simple problem, but when I search "html literal string" in Google, I get a lot of .html pages about literal strings, which doesn't help me much.

  • #2
    Supreme Master coder! _Aerospace_Eng_
    Before it goes into the database, do a strip_tags on the input, then run it through htmlentities(), and then finally make sure you are escaping special characters by using mysql_real_escape_string if you are using MySQL.

    You could also use something like this: http://chxo.com/chxo-scripts/safe_html/
    Last edited by _Aerospace_Eng_; 03-21-2009 at 06:56 AM.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • Users who have thanked _Aerospace_Eng_ for this post:

    Shinykirby (03-21-2009)
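
The store-then-display flow from this thread, as an added example that is not from either poster: it uses a PDO prepared statement in place of mysql_real_escape_string and applies htmlspecialchars() when the message is printed rather than before it is stored, so the database keeps the text exactly as typed. The in-memory SQLite database (standing in for MySQL), the `posts` table and the helper names are assumptions.

```php
<?php
// Added example: store a post verbatim, escape it only when printing into HTML.
// Assumption: in-memory SQLite via PDO stands in for the thread's MySQL database.

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, message TEXT NOT NULL)');
    return $db;
}

// Bound parameter: the message travels as data and is never parsed as SQL.
function save_post(PDO $db, string $message): void
{
    $stmt = $db->prepare('INSERT INTO posts (message) VALUES (:message)');
    $stmt->execute([':message' => $message]);
}

// Converts & < > " ' to entities so the browser shows markup as literal text.
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Escape first, then nl2br, so the only real tags in the output are our own.
function render_posts(PDO $db): string
{
    $html = "<ul>\n";
    foreach ($db->query('SELECT message FROM posts ORDER BY id') as $post) {
        $html .= '  <li>' . nl2br(e($post['message'])) . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample input: markup, a script tag, PHP tags and quotes.
$db = open_db();
save_post($db, '<b>bold?</b> <script>alert(1)</script>');
save_post($db, "<?php echo 'hi'; ?> it's 5 > 3 & 2 < 4");

echo render_posts($db);
```

Viewing the page source of the output shows every `<`, `>`, `&` and quote from the stored messages as an entity, while the stored rows remain byte-for-byte what the user typed.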

  • #3
    New Coder
    Much appreciated, thanks.
