Writing HTML / PHP Code inside an input/Textarea

I have found out that if a user writes in an input php/HTML code the code will excecute in my admin panel. Can this damage my system ? And if yes how can I disable it?

I will appreciate any answers!

Answer

You can remove HTML and PHP tags with

<?php
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo strip_tags($text);
echo "n";

// Allow <p> and <a>
echo strip_tags($text, '<p><a>');
?>

JavaScript
​x
 
<?php$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';echo strip_tags($text);echo "n";​// Allow <p> and <a>echo strip_tags($text, '<p><a>');?>​​

result:

Test paragraph. Other text
<p>Test paragraph.</p> <a href="#fragment">Other text</a>

JavaScript
 
Test paragraph. Other text<p>Test paragraph.</p> <a href="#fragment">Other text</a>​

source: https://www.php.net/manual/pt_BR/function.strip-tags.php

Advertisement

Answer