I have found out that if a user writes PHP/HTML code into an input, the code will execute in my admin panel. Can this damage my system? And if yes, how can I disable it?
I would appreciate any answers!
Answer
You can remove HTML and PHP tags with
```php
<?php
// Sample string containing tags, a comment and an anchor
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';

// Strip every tag (including the HTML comment)
echo strip_tags($text);
echo "\n";

// Allow <p> and <a>; everything else is stripped
echo strip_tags($text, '<p><a>');
?>
```
result:

```
Test paragraph. Other text
<p>Test paragraph.</p> <a href="#fragment">Other text</a>
```
source: https://www.php.net/manual/pt_BR/function.strip-tags.php
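As an added example that is not part of the answer above, the script below runs strip_tags() and htmlspecialchars() side by side on constructed sample inputs, so you can compare what each one does to the markup a user might type into a form. The input strings and the function names sanitizeWithStripTags and encodeForHtml are my own; the one behaviour worth checking is that strip_tags() leaves attributes on any tag you allow, which the PHP manual documents, so an allowed <a> keeps its onclick handler, whereas htmlspecialchars() encodes every metacharacter and the browser renders the text literally instead of parsing it as markup.

```php
<?php
// Added example (editor's own, not from the answer above).
// Compares strip_tags() with output encoding via htmlspecialchars()
// on constructed sample inputs.

declare(strict_types=1);

// Constructed sample inputs: strings a user might submit in a form field.
$inputs = [
    'script'     => 'Hello <script>alert(1)</script> world',
    'php'        => 'Hi <?php echo "x"; ?> there',
    'attr_event' => '<a href="#" onclick="alert(1)">click</a>',
];

// Approach 1: strip_tags() with an allowlist (hypothetical helper name).
// Attributes on allowed tags are NOT removed (per the PHP manual),
// so allowing <a> keeps the onclick attribute intact.
function sanitizeWithStripTags(string $s): string
{
    return strip_tags($s, '<p><a>');
}

// Approach 2: output encoding (hypothetical helper name).
// Every HTML metacharacter becomes an entity, so whatever was typed is
// displayed as text and never interpreted as a tag or attribute.
function encodeForHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ($inputs as $name => $raw) {
    echo "== $name ==\n";
    echo "raw:        $raw\n";
    echo "strip_tags: " . sanitizeWithStripTags($raw) . "\n";
    echo "encoded:    " . encodeForHtml($raw) . "\n\n";
}
```

Run it with `php example.php` and compare the attr_event case: strip_tags() returns the anchor with its onclick still present, while the encoded version shows the tag as visible text. The usual pattern is to store what the user typed unchanged and apply encodeForHtml() (or the equivalent in your template engine) at the point where the value is printed into the admin page.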