I want to evaluate some strings that are inputed by users before storing them in a database. I don't want to allow a user to add html codes to the string. What is the best way to check to see if they have snuck any rogue html into a string?
This would work, but not allow anyone to use "<":
This would work, but not allow anyone to use "<":
PHP Code:
// Returns TRUE if string does not contain html
function CheckHTML( $string )
{
if ( strstr( "<", $string ) == FALSE ) { return TRUE; }
else { return FALSE; }
}
Comment