
I have a form that posts to a database and I was testing code that prevents any JavaScript or other client-side scripting from being submitted to the database. All JavaScript code I submitted ended up in the database; I figure this is bad. How can I prevent this?

Edited by rhodoscoder


Use the PHP code strip_tags() on your PHP page.

Example:

$variablename = strip_tags($_POST['myvalue']);

Edited by decade


Consider using HTML Purifier in your application: http://htmlpurifier.org/

It will give you the ability to whitelist the tags that you want to allow and, most importantly, it will validate the attributes, removing the JavaScript included.
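An added example, not code from any of the posters, comparing the approaches named in the two answers above on one constructed input: strip_tags() with and without an allow-list, escaping at output time with htmlspecialchars() (an addition beyond the thread), and HTML Purifier. The function name purify_comment and the 'p,b' allow-list are assumptions; the HTML Purifier call only runs if the library is installed and autoloadable.

```php
<?php
declare(strict_types=1);

// Constructed sample of what a comment form might receive.
$submitted = '<p onmouseover="alert(1)">Hello <b>world</b></p><script>alert(2)</script>';

// 1. strip_tags() with no allow-list removes every tag, attributes included.
//    The text that sat between the <script> tags is kept as plain text.
$plain = strip_tags($submitted);

// 2. strip_tags() with an allow-list keeps the permitted tags exactly as
//    submitted. It does not inspect attributes, so the onmouseover handler
//    on <p> survives. This is the gap attribute validation closes.
$partial = strip_tags($submitted, '<p><b>');

// 3. When the value is meant to be shown as text, escape it at output time.
//    The stored value can stay as submitted; the browser never parses it as markup.
$escaped = htmlspecialchars($submitted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// 4. When some markup must be allowed, HTML Purifier parses the input and
//    rebuilds it from an allow-list of tags AND attributes.
//    purify_comment() is a hypothetical helper name for this example.
function purify_comment(string $html): ?string
{
    if (!class_exists('HTMLPurifier')) {
        return null; // library not available, e.g. ezyang/htmlpurifier not installed
    }
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', 'p,b'); // tags only, no attributes permitted
    return (new HTMLPurifier($config))->purify($html);
}

$results = [
    'strip_tags, no allow-list'   => $plain,
    'strip_tags, <p><b> allowed'  => $partial,
    'htmlspecialchars at output'  => $escaped,
    'HTML Purifier, p and b only' => purify_comment($submitted) ?? '(HTML Purifier not installed)',
];

foreach ($results as $label => $value) {
    echo str_pad($label, 30), ' : ', $value, PHP_EOL;
}
```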


Thank you @Alibi Ghazi, @decade and @cereal. @cereal I ran into HTML Purifier but haven't tried it yet; I heard it slows down your app.
