How to block all html and javascript tags in text input?
My code is:
$pav = stripslashes($_POST['pavadinimas']);
$pav2 = mysql_escape_string($pav);
But it doesn't block html and javascript tags
How to block all html and javascript tags in text input?
My code is:
$pav = stripslashes($_POST['pavadinimas']);
$pav2 = mysql_escape_string($pav);
But it doesn't block html and javascript tags
Remove both these calls: stripslashes()
does nothing good here, and mysql_real_escape_string()
should be used only before data is inserted into a mySQL query.
Do either htmlspecialchars()
(if you want to preserve the HTML source code, but make the tags visible) or strip_tags()
(to just vanish the HTML).