Hello. I just finished creating a simple input form in
which the contents of a textarea get written to a file
which in turn gets read by a particular page. is there
anyway to disable any html or php tags that the user
might have typed in? it seems pretty dangerous to
allow a user to enter any
Would strip_tags() do?
On Mon, 2002-02-18 at 21:47, Police Trainee wrote:
Hello. I just finished creating a simple input form in
which the contents of a textarea get written to a file
which in turn gets read by a particular page. is there
anyway to disable any html or php tags that the user
Hello. I just finished creating a simple input form in
which the contents of a textarea get written to a file
which in turn gets read by a particular page.
This is a Really Bad Idea(tm).
it seems pretty dangerous to allow a user to enter any
amount of php programming at their will.
...
Would strip_tags() do?
Easily gotten-around then by not closing your PHP ? ? tags.
J
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Hello. I just finished creating a simple input form in
which the contents of a textarea get written to a file
which in turn gets read by a particular page. is there
anyway to disable any html or php tags that the user
might have typed in? it seems pretty dangerous to
allow a user to enter
Yes, there is a function strip_tags(). Also look at the functions,
htmlentities() and htmlspecialchars().
Janet
- Original Message -
From: Police Trainee [EMAIL PROTECTED]
To: PHP [EMAIL PROTECTED]
Sent: Monday, February 18, 2002 9:47 PM
Subject: [PHP] nullifying php and html tags
6 matches
Mail list logo
