vt100
Reputation: 1003
Secure inserting value of $_POST['textarea'] into <textarea> HTML tag using PHP only
Is there any way to insert $_POST['textarea'] into <textarea> without escaping shell special chars?
I do sth. like :
<textarea>
<?php
echo escapeshellcmd($_POST['textarea_field']) ;
?>
</textarea>
and I have a problem with \ chars. I do not wont them in <textarea> but without escapeshellcmd(); function it is possible to post HTML </textarea> tag and insert whatever from HTML to javascript code after. Can you give me some advice regarding this problem, please? Can I insert posted data into textarea without \ chars?
Thanks in advance for any suggestion.
Upvotes: 0
Views: 2044
Answers (2)
deceze
Reputation: 522250
Try it with htmlspecialchars. escapeshellcmd is for a different purpose, namely escaping shell commands.
Upvotes: 3
Related Questions
- Submit contents of Textarea in form?
- Post Values of "textarea" using php
- safely load HTML from user into textarea
- textarea that contains pre code security
- Secure URL textarea
- Textarea PHP post issue
- send HTML Code in Textarea to PHP via Form
- Prohibit the posting of HTML in textarea form field
- Stop users from entering PHP code in textarea?
- about html textarea's post value