Page 1 of 1

block <? and ?> on form submit

Posted: Sat Mar 25, 2006 4:19 am
by pedroz
How is the best way to block the following chars in the form submit?

<? and ?>

For example, if a user submits
Name: <? die(); ?>

it will not display nothing but it will accept the submit...

I would like to know the best form to block this.

Posted: Sat Mar 25, 2006 5:15 am
by s.dot
that shouldn't be a problem...

but run htmlentities() on your form input.

or if you don't want it to display at all...

Code: Select all

$data = str_replace(array('<?','<?php','?>'),'',$_POST['field']);