
I have a textarea where the user can add something. To avoid inserting HTML, I use the following PHP functions on the textarea:

$text = addslashes(strip_tags(htmlspecialchars($_POST['message'])));

A message from the user looks like this in the DB:

8KsAtP  <a href="http://lqexajgwyrsk.com/">lqexajgwyrsk</a>,
[url=http://imndawriqhnk.com/]imndawriqhnk[/url],
[link=http://qyozfozrqier.com/]qyozfozrqier[/link],
http://oykrvybeqata.com/

My question is: how can I check whether there is HTML code in the textarea, so that instead of inserting it into the DB like above I can show an error message?

My question is different from How to prevent XSS with HTML/PHP? in that I am asking how to check whether there is HTML or a link in the field, and the answer to how I can check that is also provided by Dale. That question is asking how to prevent it, and I already use the functions given in its answer.

Hamza Zafeer
  • That's the wrong order: `strip_tags` will have nothing to strip because `htmlspecialchars` will have converted all tags to their entities. Use `htmlspecialchars` on output, and encode the quotes as well. – chris85 May 05 '16 at 14:37
  • http://php.net/manual/en/function.htmlspecialchars.php , and http://php.net/manual/en/function.htmlentities.php – Dan Costinel May 05 '16 at 14:43

1 Answer


To answer your question directly:

// check there is no html content
if(strip_tags($_POST['message']) == $_POST['message']) {
    // continue to process
} else {
    // there is html in the message
}
Dale
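An added example (not code from the question or the answer) that applies the answer's `strip_tags` comparison to the raw input before it is stored, and extends it to the `[url=...]`/`[link=...]` markup and bare links shown in the question's sample message; the database statement is left as a commented placeholder and the `$pdo` handle is an assumption.

```php
<?php
// Added example: validate the raw textarea input first, reject anything that
// carries markup or links, and escape only when the text is displayed.

function findDisallowedMarkup(string $message): ?string
{
    // Same check as the answer: if strip_tags changes the text, tags were present.
    if (strip_tags($message) !== $message) {
        return 'HTML tags are not allowed';
    }
    // Forum-style links such as [url=http://...]text[/url] or [link=...]...[/link]
    if (preg_match('~\[(url|link)\s*=[^\]]*\]~i', $message)) {
        return 'Forum-style [url]/[link] markup is not allowed';
    }
    // Bare links, which the question also wants to refuse.
    if (preg_match('~https?://\S+~i', $message)) {
        return 'Links are not allowed';
    }
    return null; // nothing disallowed found
}

// Constructed inputs resembling the spam message quoted in the question.
$samples = [
    '8KsAtP  <a href="http://example.com/">example</a>,',
    '[url=http://example.com/]example[/url],',
    'http://example.com/',
    'Just a plain comment with no markup.',
];

foreach ($samples as $message) {
    $problem = findDisallowedMarkup($message);
    if ($problem !== null) {
        echo "Rejected: $problem\n";
        continue;
    }
    // Store the raw text with a bound parameter ($pdo is assumed to exist);
    // addslashes() is not a substitute for parameter binding.
    // $stmt = $pdo->prepare('INSERT INTO messages (body) VALUES (:body)');
    // $stmt->execute([':body' => $message]);

    // Escape on output, not on input, so the stored text is not double-encoded
    // and quotes are covered too, as chris85's comment recommends.
    echo htmlspecialchars($message, ENT_QUOTES | ENT_HTML5, 'UTF-8') . "\n";
}
```

Note that `strip_tags` treats any `<` not followed by whitespace as the start of a tag and drops the rest of the string, so a message such as `a<b` is also rejected by the first check; decide whether that false positive is acceptable for your form.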