Hi. I'm having the following problem: I have a page where a user inserts text inside a textarea and then I output the contents of that textarea in another page (php).

If the user decides to insert, for example

<input type="text" name="_name"> 

then when showing the output I will have a textbox shown. I want to force text only to appear. Thank you.

  • You should ask this question on stackoverflow.com. It's all about PHP and processing user input - a highly sensitive area where many malicious server hacks start if not done properly. Tony Crockford over 8 years ago
  • OK. I asked at the StackOverflow and got a quick answer. Elvis Pestana over 8 years ago

2 answers

This was chosen as the best answer

The simple answer is to run the text through htmlentities, but sanitizing user input is a minefield so, as Tony suggests, you'd be better of asking on StackOverflow.

Answered over 8 years ago by Rob Crowther

Use htmlspecialchars($string, ENT_QUOTES);

Answered over 8 years ago by johniram