Reputation: 327
How do I stop input type text from executing html code
I use a system on creating and then querying the data form the db into a table.The problem is that if I write for example <h1>test</h1>, the table executes it as a html code.
How can I stop it from executing the code, just querying as simple text.
Upvotes: 0
Views: 160
Answers (2)
Reputation: 1453
You should change some characters in your html so it'll not be recognized by browser as html. For php htmlspecialchars() will fit your purpose ( http://php.net/manual/en/function.htmlspecialchars.php ).
P.S. Hope you do validation of input before inserting it to DB.
Upvotes: 0
Reputation: 114417
You need to sanitize the input on the server before using. This is also important to prevent SQL injection attacks.
How you do this depends on which server-side language you're using.
For PHP,
See: http://php.net/manual/en/function.strip-tags.php
See: http://www.bitrepository.com/sanitize-data-to-prevent-sql-injection-attacks.html
Upvotes: 2
Related Questions
- How can i prevent to start inputs at nasty way
- HTML Input Box - Disable
- Prevent browser predicting input in input box
- Stop user from inputing text in input field
- how to prevent displaying spaces in html code
- Prevent HTML data from being posted into form textboxes
- how to stop user putting HTML code in text inputs
- HTML disable enter in my code
- Stop html in text entered
- How to stop text boxes from interpreting information entered as HTML