Reputation: 3470
I am creating a directory where users are able to post articles. To get the values to be posted I am using HTML input elements and using $.post to save the data in the database.
However, I have a problem: if a user writes some HTML code in the article, it is saved, formatting the code.
For example, if the value entered is:
<input type="text" value="this is an article title <script>$("body").remove();</script>">
when the post is submitted the page will also load the JS script, removing the body.
How can I avoid this and tell that there is a script in the input field, or format the script so that it shows as text?
Upvotes: 3
Views: 909
Reputation: 333
<?php
// Simple answer: escape the data when you echo results from the database.
// Consider the code below, assuming you are at the last step, echoing the data out.
$data = 'THIS WOULD BE YOUR DATA OBJECT OR VARIABLE CONTAINING DATA FROM THE DATABASE';
// Then pick ONE of the following (applying several in a row double-encodes the text):
$data = htmlspecialchars($data, ENT_QUOTES, 'UTF-8'); // encodes < > & " ' so the browser shows them as text
// or
// $data = htmlentities($data, ENT_QUOTES, 'UTF-8');  // like htmlspecialchars, but also encodes other characters that have named entities
// or
// $data = strip_tags($data);                          // removes tags instead of encoding them; does not encode quotes or &
// Once one of the above is applied, tags or code will not be executed by the browser.
echo $data;
Upvotes: 2
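As an added example (not part of the answer above), here is the same idea applied to the title from the question: the article is stored exactly as typed, and escaping happens at output time with a small helper. The helper name `e()` and the sample title are assumptions for illustration; the `json_encode` line shows that a value placed inside a JavaScript string needs that context's own encoding rather than HTML escaping.

```php
<?php
// Added example, not code from the original answer.
// Escaping belongs in the HTML-output step; the database keeps the raw text.

declare(strict_types=1);

/** Escape a string for insertion into HTML text or a quoted attribute. */
function e(string $value): string
{
    // ENT_QUOTES also escapes single quotes, so the result is safe inside
    // value='...' as well as value="..."; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: the title from the question, as it would arrive via
// $.post and be stored unchanged in the database.
$title = 'this is an article title <script>$("body").remove();</script>';

// Rendering the stored value as page text: the browser displays the tag
// literally instead of executing it.
echo '<h1>' . e($title) . "</h1>\n";

// The same escaping is needed when the value goes back into an input field
// (for example an edit form), because the attribute is also an HTML context.
echo '<input type="text" name="title" value="' . e($title) . '">' . "\n";

// A value embedded in JavaScript needs JS-context encoding, not HTML escaping;
// the JSON_HEX_* flags encode < > & " ' as \uXXXX so the string cannot close
// the surrounding <script> element.
$json = json_encode($title, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_QUOT | JSON_HEX_APOS);
echo '<script>var title = ' . $json . ";</script>\n";
```

Check the generated page source: the stored title should appear as `&lt;script&gt;` in the heading and input, and as `\u003Cscript\u003E` inside the script block.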