Disabling HTML input in forms

Galahad · March 11, 2011

Is there anyway i could disable someone putting in html in a form that changes there name, location etc. as if they put

in the form it will make users redirect to a different page when they visit the players profile.

Maniak · March 11, 2011

strip_tags(); htmlentities(); htmlspecialchars(); str_replace();

Galahad · March 11, 2011

strip_tags(); htmlentities(); htmlspecialchars(); str_replace();

Thanks but where do I place this?

Maniak · March 11, 2011

In your preferences:

$name = mysql_real_escape_string(strip_tags($_POST['name'])); OR

$name = mysql_real_escape_string(htmlentities($_POST['name'])); OR

$name = mysql_real_escape_string(htmlspecialchars($_POST['name'])); OR

$name = str_replace(array("<", ">"), array("",""), $_POST['name']); $name = mysql_real_escape_string($name);

I don't tend to use str_replace so I may have given a bad example!

Galahad · March 11, 2011

In your preferences:
$name = mysql_real_escape_string(strip_tags($_POST['name'])); OR

$name = mysql_real_escape_string(htmlentities($_POST['name'])); OR

$name = mysql_real_escape_string(htmlspecialchars($_POST['name'])); OR

$name = str_replace(array("<", ">"), array("",""), $_POST['name']); $name = mysql_real_escape_string($name);

I don't tend to use str_replace so I may have given a bad example!

Strange, i put that in and it didn't seem to work. Just gives out a blank screen

Maniak · March 11, 2011

I don't mean all of them; just 1 of them. PM me the file; and i'll do it for you :)

Galahad · March 11, 2011

I don't mean all of them; just 1 of them. PM me the file; and i'll do it for you :)

Yup i know, i tried putting in

$name = mysql_real_escape_string(htmlspecialchars($_POST['name']));

but no luck.

The file is -

http://pastebin.com/29hUGUn6

:)

Sign In

Disabling HTML input in forms

Recommended Posts

Galahad

Maniak

Galahad

Maniak

Galahad

Maniak

Galahad

Join the conversation

Browse

Activity

Hosting