Peťko Tomko

Reputation: 15

How to disable executing scripts in input?

I'm using prepared statements to "post" something on my page. When I write something, it shows without any problems, but when I input text like this:

<div style="border:2px solid #000;">Some TEXT</div>

It actually styles the output... I tried it on Facebook, and when I try to do it there, it shows just normal text... (naturally)... What am I supposed to do? Thanks!

Upvotes: 0

Views: 97

Answers (2)

darkAsPitch

Reputation: 1875

You are looking for the PHP strip_tags function.

<?php
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo strip_tags($text);
echo "\n";

// Allow <p> and <a>
echo strip_tags($text, '<p><a>');
?>

The above example will output:

Test paragraph. Other text
<p>Test paragraph.</p> <a href="#fragment">Other text</a>

Upvotes: 0

Barmar

Reputation: 781096

Use htmlentities() when displaying the output. This will translate the < and > characters to entities &lt; and &gt;, so they'll be rendered literally instead of processed as HTML:

echo htmlentities($variable);

Upvotes: 1
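
An added example, not part of either answer, that runs both suggestions on the markup from the question. The helper name `e()` and the `$post` variable are assumptions made for the illustration; the value stands in for a row read back from the database.

```php
<?php
declare(strict_types=1);

// Constructed sample: the markup from the question, as it would come back
// from the database after being stored with a prepared statement.
$post = '<div style="border:2px solid #000;">Some TEXT</div>';

/**
 * Hypothetical helper: encode a value for output in HTML text or in a
 * quoted attribute. ENT_QUOTES encodes both quote characters and
 * ENT_SUBSTITUTE replaces invalid byte sequences instead of returning
 * an empty string.
 */
function e(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 1. Encoding on output: the browser shows the markup as literal text.
echo '<p>', e($post), "</p>\n";

// 2. The same helper works inside a quoted attribute value.
echo '<input type="text" name="post" value="', e($post), "\">\n";

// 3. strip_tags() removes the tags, so part of what the user typed is lost;
//    the remaining text is still encoded before it is printed.
echo '<p>', e(strip_tags($post)), "</p>\n";

// 4. strip_tags() with an allow-list keeps the attributes of allowed tags,
//    so the inline style from the question still reaches the page.
echo strip_tags($post, '<div>'), "\n";
```

Prepared statements protect only the SQL query; the encoding step belongs at the point where the stored value is written into HTML.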
