duadpnld426905 2016-03-22 12:39
浏览 73
已采纳

如何阻止用户将HTML代码放入文本输入中

iv been building a website and while testing I noticed that if I put <em>bob</em>

or something similar in my text fields on my register/udate pages they are stored on the database as entered '<em>bob</em>' but when called back on to the website they display in italics

is there a way to block html code from my text inputs? or dose it only read as html when being echoed back on the page from the database? mostly just curious to know what's happening here? the name displaying in italics isn't a major issue but seems like something the user shouldn't be able to control?

p.s. i can provide code if needed but didn't think it would be much help in this question?

  • 写回答

3条回答 默认 最新

  • dongqiangteng7319 2016-03-22 12:42
    关注

    You can use strip_tags to remove all HTML tags from a string: http://php.net/manual/es/function.strip-tags.php

    <?php
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo strip_tags($text); // Output: Test paragraph. Other text
echo "
";

// Allows <p> and <a>
echo strip_tags($text, '<p><a>'); // Output: <p>Test paragraph.</p> <a href="#fragment">Other text</a>
?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 TLS1.2协议通信解密
  • ¥40 图书信息管理系统程序编写
  • ¥20 Qcustomplot缩小曲线形状问题
  • ¥15 企业资源规划ERP沙盘模拟
  • ¥15 树莓派控制机械臂传输命令报错,显示摄像头不存在
  • ¥15 前端echarts坐标轴问题
  • ¥15 ad5933的I2C
  • ¥15 请问RTX4060的笔记本电脑可以训练yolov5模型吗?
  • ¥15 数学建模求思路及代码
  • ¥50 silvaco GaN HEMT有栅极场板的击穿电压仿真问题