i have a form that posts to a database and i was testing code that prevents any javascript or othe client-side scripting from being submitted to the database.All javascript code i submitted ended up in the database, i figure this is bad.How can i prevent this?

Recommended Answers

The easiest solution is to create a verification test (in js) on the form .

Jump to Post

Consider to use HTML Purifier in your application: http://htmlpurifier.org/

It will give you the ability to whitelist the tags that you want to allow and, most important, it will validate the attributes, removing …

Jump to Post

All 5 Replies

The easiest solution is to create a verification test (in js) on the form .

use the PHP code

strip_tags()

on your PHP page.
example:

$variablename = strip_tags($_POST['myvalue']);

Consider to use HTML Purifier in your application: http://htmlpurifier.org/

It will give you the ability to whitelist the tags that you want to allow and, most important, it will validate the attributes, removing the javascript included.

thank you@Alibi Ghazi, $decade and @cereal.@cereal I ran into html purifier but haven't tried it yet, i heard it slows down you app.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.20 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.