To prevent hackers in PHP


I was attracted to dynamic web languages like PHP and, later on, ASP.NET for the sake of their interactivity.

To do that, user input is extremely important. Basically, it is done by taking the user’s input through text boxes; a click on a button then posts that text to the server to do the rest of the tricks.

But a thin line exists between a good user and a bad user. Someone might try to inject malicious code through the text boxes to the server, and that would ultimately attack the data bank of the site.

What can be done?

In ASP.NET, it’s done differently.

In PHP, today I found the strip_tags() function, which can do the magic.

Let us first see how the pages look:

We tried to inject <b></b> code but the result comes out as:

Now the code part:

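    <?php

    // Strip HTML and PHP tags from the submitted "name" field, then echo it back.
    function handle_data()
    {
        echo "Your name is : ";
        $text = strip_tags($_REQUEST["name"] ?? "");
        echo $text;
    }

    handle_data();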

I did not mention the HTML part as it was quite evident; the input was taken from the textbox.
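
An added example, not code from this post: it runs strip_tags() and htmlspecialchars() side by side on constructed name values, as page text and inside a quoted attribute, so the difference between removing tags and encoding for output is visible. The helpers read_name() and encode_for_html() are hypothetical names introduced for the illustration.

```php
<?php
// Added example, not the post's own code. Run from the command line.
// read_name() and encode_for_html() are hypothetical helper names.

/** Encode a value for an HTML text node or a quoted attribute value. */
function encode_for_html(string $value): string
{
    // ENT_QUOTES encodes both " and '; strip_tags() leaves both untouched.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Read the "name" field as a plain string; anything else becomes "". */
function read_name(array $request): string
{
    $name = $request['name'] ?? '';
    // A request such as name[]=x arrives as an array, which strip_tags()
    // and htmlspecialchars() do not accept.
    if (!is_string($name)) {
        return '';
    }
    return trim($name);
}

// Constructed sample inputs for the demonstration.
$samples = [
    '<b>Alice</b>',       // markup, as tried in the post
    'Tom "T" O\'Neil',    // quotes only, no tags at all
    'x<y and y>z',        // ordinary text that merely looks like a tag
    ['not', 'a string'],  // array value instead of a string
];

foreach ($samples as $raw) {
    $name = read_name(['name' => $raw]);

    // In page text: strip_tags() deletes what it takes for a tag,
    // encode_for_html() keeps every character and encodes the special ones.
    printf("raw        : %s\n", $name);
    printf("strip_tags : %s\n", strip_tags($name));
    printf("encoded    : %s\n", encode_for_html($name));

    // Inside a quoted attribute the quote characters are what matter.
    printf("attribute, strip_tags : <input value=\"%s\">\n", strip_tags($name));
    printf("attribute, encoded    : <input value=\"%s\">\n\n", encode_for_html($name));
}
```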
