I have a sort of system where everybody can type whatever they want. However, they also seem to be able to use tags like <img SRC="..."/>, <a href="..."></a>, etc.
How exactly could you prevent this? For example, if someone types in <h1>Hello</h1>, the text won't get big, but it would just show <h1>Hello</h1>.
If it's not possible to do this, please give me an alternative.
Answer
To make the HTML display as written, you need to “escape” the special characters &, < and > using htmlspecialchars().
Alternatively, you could remove all the tags and display the remaining text using strip_tags().
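
The two approaches from the answer, as an added PHP example that is not part of the original post. The helper names e(), plain() and renderComments() and the sample comments are constructed for illustration; the example assumes the raw text is stored unchanged and escaped only when it is written into the page.

```php
<?php
// Added example: escape user text at output time so tags display as typed.

/** Escape untrusted text for HTML element content or a quoted attribute value. */
function e(string $text): string
{
    // ENT_QUOTES escapes both ' and ", which matters inside attribute values.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Drop the tags, then escape what is left so a stray &, < or quote stays inert. */
function plain(string $text): string
{
    // strip_tags() alone leaves & and quotes untouched, so its result is still escaped.
    return e(strip_tags($text));
}

/** Render stored comments as a list; every user-controlled value passes through e(). */
function renderComments(array $comments): string
{
    $html = "<ul>\n";
    foreach ($comments as $c) {
        // The author goes into a quoted attribute and into text; both are escaped.
        $html .= sprintf(
            "  <li title=\"%s\"><b>%s</b>: %s</li>\n",
            e($c['author']),
            e($c['author']),
            e($c['body'])
        );
    }
    return $html . "</ul>\n";
}

// Constructed sample input, using the tags mentioned in the question.
$comments = [
    ['author' => 'Tom & "Jerry"', 'body' => '<h1>Hello</h1>'],
    ['author' => 'guest', 'body' => '<a href="https://example.com">link</a> <img SRC="x.png"/>'],
];

echo renderComments($comments);          // tags are shown literally, not rendered
echo plain($comments[0]['body']), PHP_EOL; // tags removed, remaining text escaped
```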