php - How to disable executing scripts in input?
I'm using prepared statements to "post" on a page. When I write something, it shows without problems, but when I input text:
<div style="border:2px solid #000;">some text</div>
it styles the output... I tried on Facebook, and when I try there, it shows normal text... (naturally)... supposed? Thanks!
Use htmlentities() when displaying output. It will translate the < and > characters to the entities &lt; and &gt;, so they'll be rendered literally instead of processed as HTML:
echo htmlentities($variable);
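The following is an added example, not part of the original answer: it applies htmlentities() at output time to values as they would come back from a prepared SELECT, in both text and quoted-attribute contexts. The helper name e(), the function renderPosts() and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original answer): encode a value for
// HTML text and quoted-attribute contexts.
function e(string $value): string
{
    // ENT_QUOTES encodes both " and ', which matters inside attributes.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample rows, standing in for what a prepared SELECT returns.
// Prepared statements stored these bytes safely in the database; they are
// still raw markup when read back, so the browser would interpret them.
$posts = [
    ['author' => 'alice',
     'body'   => '<div style="border:2px solid #000;">some text</div>'],
    ['author' => 'bob "the builder"',
     'body'   => 'Tom & Jerry <script>/* would run if unescaped */</script>'],
];

// Hypothetical renderer: builds the list markup with every stored value
// encoded exactly once, at the point where it is written into HTML.
function renderPosts(array $posts): string
{
    $html = "<ul>\n";
    foreach ($posts as $post) {
        $html .= sprintf(
            "  <li title=\"%s\">%s</li>\n",
            e($post['author']),  // attribute context: quotes must be encoded
            e($post['body'])     // text context: <, > and & must be encoded
        );
    }
    return $html . "</ul>\n";
}

echo renderPosts($posts);
```

Store the input unmodified and encode only when writing it into a page; encoding before the INSERT and again on display double-encodes the text.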