How to prevent user from entering javascript in textarea

Hello Guys,

I have a text area where user can enter anything, but i prevent the user
from entering javascript in the textarea. (need server side validation/control).

If anyone have any ideas , let me know..


Thanx in Advance,
Arvish

 

try strip_tags function

 

use the textarea readonly property. And it will prevent user from entering the text into the textarea.

 

Simply use htmlspecialchars($_POST[$attribute_name]) and you don't have to bother what users puts in your textarea field. All HTML special characters like < or > will be replaced with HTML codes like &lt; &gt;

Here you can find more info http://pl.php.net/manual/pl/function.htmlspecialchars.php

 

Thanx Buddy....

 

Look up sanitizing forms etc.
Learn it for all the different ways you need to protect against.

 

you can try htmlentities() to also prevent any html tags

So if they were to type like <b> as a way to bold stuff, running it through htmlentities will actually display the tags

$mytext = htmlentities($mytext);

 

you should use htmlspecialchars function or strip_tags. If you're working with database, use mysql_real_escape_string function as well.

 

use escape tags. or use HTML codes like &lt; &gt;. do the same for your sql queries.