0

I have a HTML Form and I am submitting using PHP. I need the user to input the html string like html tags. But I want to secure my website as well. I do not want the user to inject any malicious code or any type of SQL Injection or Hacking Code.

So, how can I secure the form in PHP with allowing user to give the HTML Code in textarea as well.

Here is a code:

<?php

if($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_GET['pdf']) ){

$post_data = $_POST['post_data']; // this can have the html tags also for example: '<h1>post data</h1>'

//creating pdf here

}

?>

<!DOCTYPE html>
<html>
<head>
    <title></title>
</head>
<body>
    <form action="?pdf" method="POST" enctype="multipart/form-data" autocomplete="false">
        <h3>Paste Your HTML CODE Here...</h3>
        <textarea name="post_data" rows="10" cols="10" placeholder="Your HTML CODE HERE"></textarea>
        <button type="submit">Create PDF</button>
    </form>
</body>
</html>
chetan rohilla
  • 1
  • 3
  • PLease share your code and define more precisely your concern. – Dri372 Jun 13 '21 at 07:06
  • I added the code plz suggest how can i secure post data even i am allowing user to enter html code in textarea – chetan rohilla Jun 13 '21 at 07:18
  • One way could be to not let the user write HTML, but using markdown instead (just like you do here on Stack Overflow when you write questions/comments). Then they can add some specific and limited formatting that you then convert into HTML before outputting it. It also helps against the broken HTML (which also is a risk if they can enter HTML directly) – M. Eriksson Jun 13 '21 at 07:36

0 Answers0