PHP and MySQL for Dynamic Web Sites: Visual Quickpro Guide, Second Edition by Larry Ullman

Handling HTML

HTML is simply plain text, such as <b>, that Web browsers give special meaning to (in this case, making text bold). Because of this, a user of your Web site could easily add HTML or JavaScript to their form data, such as the comments field in the previous example (Figure 10.8). What’s wrong with that, you might ask?

Figure 10.8. The malicious and savvy user can enter HTML, CSS, and JavaScript into text inputs.

Many dynamically driven Web applications take the information submitted by a user, store it in a database, and then redisplay that information on another page. Think of a forum, as just one example. At the very least, if a user ...
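An added example (not the book's own code) of what happens when a stored comment like the one in Figure 10.8 is redisplayed raw, versus escaped with htmlspecialchars() or cleaned with strip_tags(); the sample comment and the function names are constructed:

```php
<?php
// Added example, not from the book. The comment text and function
// names below are constructed for illustration.

// A constructed comment, as a user might submit it through the form.
$comment = '<b>Nice post!</b> <script>alert("hi")</script>';

// Unsafe: the stored text is echoed as-is, so the browser treats the
// user's <b> and <script> as markup and runs the script for every
// visitor who views the page.
function displayUnsafe(string $text): string {
    return '<p>' . $text . '</p>';
}

// Safe option 1: convert <, >, &, and quotes to entities so the browser
// shows the tags as literal text. ENT_QUOTES covers both quote styles;
// stating the charset avoids encoding tricks slipping past the filter.
function displayEscaped(string $text): string {
    return '<p>' . htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// Safe option 2: remove tags entirely, optionally keeping a short list
// of harmless ones. Caveat: strip_tags() keeps the attributes of any
// allowed tag, so only allow tags whose attributes cannot carry script.
function displayStripped(string $text, string $allowedTags = ''): string {
    return '<p>' . strip_tags($text, $allowedTags) . '</p>';
}

// Escaping or stripping belongs at output time: store what the user
// sent, and decide how to render it when the page is built.
echo displayUnsafe($comment), "\n";
echo displayEscaped($comment), "\n";
echo displayStripped($comment), "\n";
echo displayStripped($comment, '<b>'), "\n";
```

Run it from the command line and compare the four lines: only the first would execute the script in a browser, the second shows the tags as text, and the last two drop them.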
