I am making a website where people will publish an article. I make them write their article in a textarea, but I don't want them to add JavaScript, PHP or any other language than HTML, to prevent XSS or SQL injections. I'm trying to delete JavaScript or PHP code written by the user in a form. How can I do this?
1 Answer
0
Just cut out all the <script> tags and don't execute the string from the <textarea> element (and use single quotes only). Against SQL injection you can use mysqli_real_escape_string to escape all SQL special characters.

G_hi3
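
An added example, not part of the answer above: <script> is not the only place markup can carry script (event-handler attributes such as onclick and javascript: links do too), so this PHP code keeps an allowlist of tags and attributes instead of deleting known-bad ones. The function names, the allowlist contents and the sample input are assumptions made for the illustration.

```php
<?php
// Added example: allowlist sanitizer. The tag and attribute lists are assumptions.
const ALLOWED = [ // tag => attributes that may stay
    'p' => [], 'br' => [], 'b' => [], 'i' => [], 'em' => [], 'strong' => [],
    'ul' => [], 'ol' => [], 'li' => [], 'h2' => [], 'h3' => [], 'a' => ['href'],
];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function clean_children(DOMNode $parent): void
{
    foreach (iterator_to_array($parent->childNodes) as $node) {
        if ($node->nodeType === XML_TEXT_NODE) { continue; } // text is escaped on output
        $tag = strtolower($node->nodeName);
        if (!$node instanceof DOMElement || in_array($tag, DROP_WITH_CONTENT, true)) {
            $parent->removeChild($node); // comments, CDATA, script/style and similar
            continue;
        }
        clean_children($node);
        if (!array_key_exists($tag, ALLOWED)) {
            while ($node->firstChild) { // unknown tag: keep its cleaned children
                $parent->insertBefore($node->firstChild, $node);
            }
            $parent->removeChild($node);
            continue;
        }
        foreach (iterator_to_array($node->attributes) as $attr) {
            $ok = in_array($attr->nodeName, ALLOWED[$tag], true);
            if ($ok && $attr->nodeName === 'href') { // http(s), mailto, site-relative only
                $ok = preg_match('#^(https?://|mailto:|/)#i', trim($attr->value)) === 1;
            }
            if (!$ok) { $node->removeAttribute($attr->nodeName); }
        }
    }
}

function sanitize_article(string $html): string
{
    $doc = new DOMDocument();
    // The XML declaration forces UTF-8; the <div> wrapper guarantees a <body> exists.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NOERROR | LIBXML_NOWARNING);
    $body = $doc->getElementsByTagName('body')->item(0);
    clean_children($body); // the wrapper <div> is not allowlisted, so it is unwrapped
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes)));
}

// Constructed sample submission.
$submitted = '<h2>Title</h2><p onclick="track()">Hi <b>all</b></p><script>alert(1)</script><a href="javascript:void(0)">x</a>';
echo sanitize_article($submitted), "\n";
```

For production, a maintained sanitizer such as HTML Purifier is the safer choice, because browsers parse HTML differently from DOMDocument. On the database side, prepared statements with bound parameters (mysqli::prepare with bind_param) keep the article text out of the SQL string altogether.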