In my php form I just blocked the sql injection by adding below into my processing page
$comment=mysql_real_escape_string($_POST['comment']); But I need to add "Richtext format in My Form ( Ie BOLD, ITALICS and UNDERLINE ).
Now I just want to enable only these in my processing page ( Only <b>,</b>,<u>,</u>,<i>,</i>).
Please advise me how to do this..
Thanks in advance