Possible Duplicate:
What’s the best method for sanitizing user input with PHP?
Preventing XSS with PHP
I own a database with old php forums, and I have a textarea that I want to harden from the XSS.. I am new in that field..
The textarea is defined as :
<textarea name="information" cols="60" row="4" id="infoid" > < /textarea>
What should I add to prevent it from taking " < , >" symbols ???
Why not take anything that comes your way? Convert and escape those characters. i.e < is converted to < etc. That will keep the punters happy AKA the people paying the cash.
Also it is trivial see htmlspecialchars