Hi friends,

In my php form I just blocked the sql injection by adding below into my processing page $comment=mysql_real_escape_string($_POST['comment']); But I need to add "Richtext format in My Form ( Ie BOLD, ITALICS and UNDERLINE ).

Now I just want to enable only these in my processing page ( Only <b>,</b>,<u>,</u>,<i>,</i>).

Please advise me how to do this..
Thanks in advance
Rajeesh

mysql_real_escape_string escapes only following characters to prevent sql injection,
\x00, \n, \r, \, ', " and \x1a.

You can use strip_tags to add particular tags to your processing comment.

strip_tags($_POST['comment'], '<u></u><i></i><b></b>'); // Allow <u></u><i></i><b></b>

strip_tags

Thank you for your kind reply ......

I will go through it
Once again thanks

mysql_real_escape_string escapes only following characters to prevent sql injection,
\x00, \n, \r, \, ', " and \x1a.

You can use strip_tags to add particular tags to your processing comment.

strip_tags($_POST['comment'], '<u></u><i></i><b></b>'); // Allow <u></u><i></i><b></b>

strip_tags

Thank you for the POST...!!!