I'm trying to write a simple comment system on my web site and am having a little problem.
Obviously I don't want people to be able to post HTML tags as comments 'cause that could mess things up, so...
I'm trying to write code that stops this happening. What I'm trying to do is compare each element of the $_POST['message'] variable (the comment) to the chars <, > and &.
At the moment, I'm only comparing it to < because I can't get it to work, here's what I've got so far:
Code:
<?PHP
session_start();
$message = $_POST['message'];
$length = strlen($message);
for($i = 0; $i < $length; $i++)
{
    if($message[$i] == '<')
    {
        echo("< found, comment not allowed...");
        break;
    }
    else
    {
        echo ("comment OK");
        break;
    }
}
?>
Any help is much appreciated.
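
An added example, not part of the original post: the character scan the post describes, with the verdict returned only after the loop has looked at every character, next to encoding the comment on output with PHP's htmlspecialchars(). The function names and the sample comments are constructed for illustration.

```php
<?php
// Added example; contains_markup_chars() and render_comment() are
// hypothetical names, not code from the post.

// Scan the whole string for <, > or &. The "OK" answer is given only
// after the loop ends, so a character late in the comment is not missed.
function contains_markup_chars(string $message): bool
{
    $length = strlen($message);
    for ($i = 0; $i < $length; $i++) {
        $c = $message[$i];
        if ($c === '<' || $c === '>' || $c === '&') {
            return true;   // found one; no need to look further
        }
    }
    return false;          // reached only when every character was checked
}

// Alternative to rejecting: keep the comment as typed and encode it when
// it is written into the page. ENT_QUOTES also encodes " and ', which
// matters if the value is ever placed inside an HTML attribute.
function render_comment(string $message): string
{
    return htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample comments.
$samples = [
    'Nice post!',
    'hello <b>world</b>',
    'Tom & Jerry > everything',
    'She said "hi"',
];

foreach ($samples as $s) {
    printf(
        "%-26s rejected=%-3s rendered=%s\n",
        $s,
        contains_markup_chars($s) ? 'yes' : 'no',
        render_comment($s)
    );
}
```

The last sample passes the three-character scan but is still changed by render_comment(), which is why encoding at output time covers more than a reject list of <, > and &.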