Avoid "hacking" on text field forms? .. NO html allowed or anything else?

HTML & CSS
#1

On my website, user can edit their profile through a form that allows them to enter their age, name, location and information about them…

I was wondering how can i avoid javascript, html or any type of coding and just make them plain text?

Because i was visiting a site one day and a pop up message appeared with a dumb text, and then i researched and found out that this person used

I dont want to happen on my website because that is just a simple alert box but people with more knowledge could do more harm than that

#2

Hi there,

In the php that deals with the form submission, clean the $_POST variables with addslashes() and strip_tags() before storing them in your database

#3

Thank you very much! And last question. When it’s a text area, multi-line. How can I make it display with rows in case the user hits tab and writes a description with paragraphs? Right now it just displays it as a whole chunk all together

#4

I man, when the user hits ENTER

#5

You can use a php function nl2br:

[php]echo nl2br($_POST[‘textarea’]);[/php]

#6

AWESOME!, ;D ;D ;D ;D ;D

You rock! thanks!

Sponsor our Newsletter | Privacy Policy | Terms of Service