How to block all HTML and JavaScript tags in text input?
My code is:
$pav = stripslashes($_POST['pavadinimas']);
$pav2 = mysql_escape_string($pav);
But it doesn't block HTML and JavaScript tags.
Remove both these calls: stripslashes() does nothing good here, and mysql_real_escape_string() should be used only before data is inserted into a MySQL query.
Do either htmlspecialchars() (if you want to preserve the HTML source code, but make the tags visible) or strip_tags() (to just vanish the HTML).
You must use htmlspecialchars() or strip_tags() (to remove rather than convert):
$html = "<b>Test</b> <strong>Lol</strong>";
// Converts < and > to &lt; and &gt;, so the tags are shown as text instead of being rendered
echo htmlspecialchars($html);
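
The two functions suggested in the answers above, compared side by side as an added example that is not part of the original posts. It also covers a case the answers do not: input that contains no tags at all but still needs escaping when placed inside an HTML attribute. The helper names and sample inputs are constructed for illustration.

```php
<?php
// Added example: constructed inputs, hypothetical helper names.

// Escape for HTML output: tags and quotes become entities, nothing is lost.
function escape_for_html(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Remove markup entirely; the result is still escaped before output,
// because strip_tags() leaves quotes and bare '&' untouched.
function strip_then_escape(string $raw): string
{
    return escape_for_html(strip_tags($raw));
}

// Constructed sample values standing in for $_POST['pavadinimas'].
$samples = [
    'markup'    => '<b>Test</b> <script>alert(1)</script>',
    'attribute' => '" onmouseover="alert(1)',   // contains no tags at all
];

foreach ($samples as $label => $raw) {
    printf("%s\n  raw:               %s\n", $label, $raw);
    printf("  strip_tags only:   %s\n", strip_tags($raw));
    printf("  htmlspecialchars:  %s\n", escape_for_html($raw));
    printf("  strip then escape: %s\n", strip_then_escape($raw));
}

// The attribute sample passes through strip_tags() unchanged, so placing it
// in value="..." unescaped would close the attribute. Escaped, it stays data.
$value = escape_for_html($samples['attribute']);
echo '<input type="text" name="pavadinimas" value="' . $value . '">', "\n";
```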