I am simply inserting the text that you write in the textarea in mySQL without using any extra method to protect my site... Actually i just made a test wrote the html code that creates a input textbox to the textarea and saved it into mysql, which prints me the component on the page...
How can i make it write secure content on textarea that does not allow you to write html tags or smth, I just wanna increase the security of my site.
Thanks
if $textarea contains your textarea value,you can do $db_value = mysql_real_escape_string(strip_tags(trim($textarea))) and insert $db_value to the database.
strip_tags strips the text of html tags and mysql_real_escape_string encodes special characters and makes it safe to insert into a database...
for mysql_real_escape_string: check http://php.net/manual/en/function.mysql-real-escape-string.php
for strip_tags check: http://www.php.net/manual/en/function.strip-tags.php
Try to use Prepared Statements
http://php.net/manual/de/mysqli.quickstart.prepared-statements.php
And remove all unwanted chars from the given text and finally use mysql_real_escape_string to escape the string for MySQL.