I was attracted to dynamic web languages like PHP, and later on ASP.NET, for the sake of their interactivity.
For that, user input is extremely important. Basically, it is done by taking the user's input through text boxes; a click on a button then posts that text to the server, which does the rest of the tricks.
But a thin line exists between a good user and a bad user. Someone might try to inject malicious code through the text boxes to the server, and that would ultimately attack the data bank of the site.
What can be done?
In ASP.NET, it’s done differently.
In PHP, today I found the strip_tags() function, which can do the magic.
Let me first show the page and how it looks:
We tried to inject <b></b> markup, but the result comes out as:
Now the code part:
<?php
echo "Your name is : ";
$text = strip_tags($_REQUEST["name"]); // remove HTML/PHP tags from the submitted name
echo $text;
- I did not include the HTML part as it was quite evident; the input was taken from the text box.
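
An added example, not code from the original post: strip_tags() only removes tags, so quotes and ampersands pass through unchanged, and this sketch pairs it with htmlspecialchars() before the value is echoed. The function render_name() and the sample requests are made up for illustration, and $request stands in for $_REQUEST so the script runs from the command line.

```php
<?php
declare(strict_types=1);

/**
 * Read the "name" field from a request array and return it ready to echo
 * into HTML. $request stands in for $_REQUEST (assumption for this example).
 */
function render_name(array $request): string
{
    $raw = $request['name'] ?? '';
    if (!is_string($raw)) {        // name[]=x arrives as an array, not a string
        $raw = '';
    }
    $plain = trim(strip_tags($raw));   // drop markup, as in the post
    // Encode what is left so &, <, >, " and ' are displayed, not interpreted.
    return htmlspecialchars($plain, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests (not from the original post).
$samples = [
    ['name' => 'Alice'],
    ['name' => '<b>Alice</b>'],
    ['name' => 'Tom "Tommy" O\'Neil'],
    ['name' => 'Bob & Carol'],
    ['name' => ['unexpected', 'array']],
    [],
];

foreach ($samples as $request) {
    $raw = $request['name'] ?? '';
    printf("input        : %s\n", is_string($raw) ? $raw : '(not a string)');
    printf("strip_tags   : %s\n", is_string($raw) ? strip_tags($raw) : '(skipped)');
    printf("safe to echo : Your name is : %s\n\n", render_name($request));
}
```

Neither function makes the value safe to place in a database query; that side is handled with parameterized queries.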