1
I created a messenger, and after the user writes the message it is saved in the database in format sweep, when the recipient sees the message, if it has been written with tags HTML, and tags of Script this is displayed to the recipient. How to make this not happen?
4
In a simple way you replace in all < por < e > por >
before saving in the bank
if php can use
htmlspecialchars('<strong>qualquercoisa</strong>')
Browser other questions tagged php html mysql formatting
You are not signed in. Login or sign up in order to post.
you want to ban tags or want them to be sent in text form?
– Douglas Carvalho
I did not think about this alternative, but it is valid as well. Either of the two will do, as long as it no longer works.
– Raizant
Then the Milestone answer solves, replace < with < and > with > .
– Douglas Carvalho