Pretty simple! Use the strip_tags() function.
Normally we use a form to take user input, store it in a database, and later display that data from the database again.
To prevent an XSS attack, pass the posted data through the strip_tags() function before entering it into the database.
Example:
$pbody = strip_tags($_POST['body']); // strip HTML and PHP tags from the posted body
PS: Sorry for not going into details! I'm a lazy guy!
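The two functions mentioned on this page do different jobs: strip_tags() removes tags from the input, while htmlspecialchars() encodes the value at the point where it is echoed. The sketch below is an added example, not code from the original post; the helper names and the sample inputs are constructed for illustration. It shows that a value with no tags in it passes through strip_tags() with its double quote intact, so it still needs encoding when printed inside an HTML attribute.

```php
<?php
// Added example, not from the original post. Helper names are hypothetical
// and the sample inputs are constructed.

// Input step from the post: drop HTML/PHP tags before the value is stored.
function clean_for_storage(string $posted): string
{
    return strip_tags($posted);
}

// Output step from the comment: encode the stored value when it is echoed.
// ENT_QUOTES encodes both quote styles, which matters inside quoted attributes.
function escape_for_html(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: one carries a tag, one carries only a quote.
$samples = [
    'tag in body'        => 'Hello <script>alert(1)</script> world',
    'quote in attribute' => 'x" data-injected="1',
];

foreach ($samples as $label => $posted) {
    $stored = clean_for_storage($posted);

    echo "== $label ==\n";
    echo "posted          : $posted\n";
    echo "after strip_tags: $stored\n";

    // Attribute context, value echoed as stored: any double quote that
    // survived strip_tags() ends the value="" attribute early.
    echo "echoed raw      : <input value=\"$stored\">\n";

    // Same context, value encoded on output: the quote becomes an entity
    // and stays inside the attribute.
    echo "echoed encoded  : <input value=\"" . escape_for_html($stored) . "\">\n\n";
}
```

Run it with the PHP command-line interpreter and compare the last two lines printed for each sample.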
We can also do this with htmlspecialchars()!
yupp. :)