DumDumDummy

Reputation: 81

How to avoid css and scripting effect when input on textbox

Problem: I have a textbox <input type="text" name="message" placeholder="message">. What I want is to avoid CSS inputs and scripts, because when I type EFFECTS the text turns red and it has been saved to my database; the same effect happens when a script is typed. Need help, pros. Thanks.

Upvotes: 1

Views: 72

Answers (1)

HTMHell

Reputation: 6016

This is called XSS. Wikipedia:

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users

To defend against XSS you need to convert < and > into HTML entities when you do the output, by using one of the following functions: htmlspecialchars or htmlentities.

You can take a look at this question to decide which one to use.

Alternatively, if you want to allow only some tags, look at the strip_tags function.

Upvotes: 1
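An added example, not part of the original answer: it encodes a stored message with htmlspecialchars at output time, for both element text and the value attribute of the question's textbox, and then shows what strip_tags leaves behind when a tag is allowed. The helper name e() and the sample messages are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a value for HTML element text or a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES also encodes ' and ", which matters inside value="...".
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs standing in for $_POST['message'].
$samples = [
    '<b style="color:red">EFFECTS</b>',
    '<script>alert(1)</script>',
    'Tom & "Jerry" <3',
];

foreach ($samples as $message) {
    // Store $message unchanged (through a prepared statement) and encode
    // only when printing, so the database keeps what the user typed.
    echo '<p>', e($message), "</p>\n";

    // Same encoding when the value is echoed back into the form field.
    echo '<input type="text" name="message" value="', e($message), "\">\n";
}

// strip_tags() with an allow-list removes other tags, but it leaves the
// attributes of allowed tags in place, so the style attribute is still there.
$allowed = strip_tags($samples[0], '<b>');
echo "strip_tags with <b> allowed: ", $allowed, "\n";

// Without an allow-list every tag is removed and only the text remains.
echo "strip_tags, no tags allowed: ", strip_tags($samples[0]), "\n";
```

Because strip_tags keeps attributes on the tags it allows, its output still needs encoding or a dedicated HTML sanitizer before it is printed into a page.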
