I have created a messenger, and after the user writes the message it is stored in the database in varchar format, at the time the recipient sees the message, if it was written with HTML tags, and Script tags this is displayed to the recipient. How can you prevent this from happening?
How to remove HTML and Scripts in user-written messages?
1
asked by anonymous 16.12.2016 / 13:35
1 answer
4
In a simple way, you replace in all < por < e > por >
before saving to the bank
If you are php you can use
htmlspecialchars('<strong>qualquercoisa</strong>')
16.12.2016 / 13:44