不允许用户在输入中输入 HTML 标签 [英] Don't allow user to enter HTML tags in input

问题描述

我有一个允许用户输入文本的输入，然后使用 PHP 将其发送到另一个页面，并存储在数据库中.我做了一些简单的验证(检查输入是否为空)，效果很好.但是，我发现我可以输入 HTML 标签，例如

I have an input which allows users to enter text, which is then sent using PHP to another page, where it is stored in a database. I have done some simple validation ( checking if the input wasn't empty), and that works pretty well. However, I found out that I can type in HTML tags, such as

<p>

它绕过了该验证并弄乱了输入.

and it bypasses that validation and also messes up the input.

如何检查输入是否包含 HTML 标签，如果包含，返回错误?

How can I check if the input contained HTML tags, and if so, return an error?

推荐答案

要检查试试这个:

if( preg_match('#^<.>.+</.>$#', $your_value) ){
    echo "NOT GOOD";  // and some error too
}

这篇关于不允许用户在输入中输入 HTML 标签的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！