> Hello. I just finished creating a simple input form in > which the contents of a textarea get written to a file > which in turn gets read by a particular page. is there > anyway to "disable" any html or php tags that the user > might have typed in? it seems pretty dangerous to > allow a user to enter any amount of php programming at > their will. > something as simple as a function that strips all <'s > and >'s would work just as well i would imagine.
Look at ereg_replace() and html_special_chars() in the fine manual: http://www.php.net/manual/en/function.ereg-replace.php http://www.php.net/manual/en/function.htmlspecialchars.php ------------------------------------------------------------------------ Greg Donald - http://destiney.com/ http://phprated.com/ | http://phplinks.org/ | http://phptopsites.com/ ------------------------------------------------------------------------ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
