Hello! I have a php based site, and want the users to be able to add comments to things. But I tested to add <h1>,<b>,<iframe> and other tags to that comment, and they worked. That isn't good for the security of this site. How do I make a HTML free space, where the HTML doesn't work? Or is that not possible? Thanks, Kalle
You could use PHP's strip_tags function: $text = '<p>Test paragraph.</p><!-- Comment --> Other text'; echo strip_tags($text); Code (markup): Would display: Test paragraph. Other text Code (markup): http://us2.php.net/manual/en/function.strip-tags.php
Well, that wasn't really what I wanted to do, but I got help at a php forum. The solution was the following: $variable = "Comment"; echo htmlentities($variable); PHP: That would make it display the comment, but ignore tags like <h1> and just show them as plain text, as they are shown here in the forums.