Block HTML from being entered in a form

How can I block HTML from being entered into my PHP guest book form?!

You can't. However, you can encode it to ensure that it is not transmitted back to the browser as raw HTML by using the htmlentities function. If you do that, then it will show up as-typed because <> are converted to &lt; and &gt;, for example.

[strip_tags]

You can't. However, you can encode it to ensure that it is not transmitted back to the browser as raw HTML by using the htmlentities function. If you do that, then it will show up as-typed because <> are converted to &lt; and &gt;, for example.

thats not true, check the function strip_tags

Thanks Olaf!

strip_tags doesn't stop people entering the tags in the form, it just strips them. Yes, that's an alternative to quoting them. You could also do something else to them with a regex. My point was: you have to deal with the fact that someone might enter them in the form, rather than trying to prevent it at source.

Personally, I dislike strip_tags, since it discards the input --- what if someone wanted to enter text that just happened to look like HTML tags?

sure preventing people to enter html tags is not possible, but if someone like to block html in his guestbook "strip_tags" is the answer

[Join us @ facebook]

Personally, I dislike strip_tags, since it discards the input --- what if someone wanted to enter text that just happened to look like HTML tags?

In that case you can use htmlspecialchars()

[Guest]

[62.885]

Googlebot, Yahoo crawler