How would I keep javascript and php code from being entered into a form or saved to a database ? I’m still learning about client/server-side security and this seems to be an issue I need to resolve :p Could I do this on php side?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
How would I keep javascript and php code from being entered into a form or saved to a database ? I’m still learning about client/server-side security and this seems to be an issue I need to resolve :p Could I do this on php side?
When you are inserting in a database with php, you can use the the strip_tags() function.
eg:
The strip_tags function will strip all the html tags from the passed variable including the tag <script> so no JavaScript will be passed. http://php.net/manual/en/function.strip-tags.php
Edit:
Added the mysql_real_escape_string()