sanitize - How to remove HTML and JavaScript from an input field before sending to the server
<form action="process_reg.php" method="post" name="register_form" id="register_form">
    <input class="logbar" id="fname" name="fname" type="text" placeholder="firstname" onfocus="checkfname(); return true;" onblur="leavefname();" required>
    <span id="fnamemessage"></span>
    <input class="logbar" id="lname" name="lname" type="text" placeholder="lastname" onfocus="checklname(); return true;" onblur="leavelname();" required>
    <span id="lnamemessage"></span>
    <input class="logbar" id="email" name="email" type="text" placeholder="email" onfocus="checkemail();" onblur="leaveemail();" required>
    <span id="emailmessage"></span>
    <input class="logbar" id="password" name="password" type="password" placeholder="password" keyev="true" required>
    <input class="logbar" id="password2" name="password2" type="password" placeholder="confirm password" onkeyup="checkpass(); return false;" required>
    <span id="confirmmessage" class="confirmmessage"></span>
    <input value="logga in" type="button" onclick="formhash(this.form, this.form.password);" id="register">
</form>
And this is the sanitize/XSS protection applied to the form given:
if (empty($_REQUEST) === false) {
    // filter_input() does not implement INPUT_REQUEST; the form posts, so read INPUT_POST.
    $regemail1 = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
    $regfirst1 = filter_input(INPUT_POST, 'fname', FILTER_SANITIZE_SPECIAL_CHARS);
    $reglast1  = filter_input(INPUT_POST, 'lname', FILTER_SANITIZE_SPECIAL_CHARS);
    $regpass   = $_POST['p'];

    // The filtered values are entity-encoded a second time here.
    $regemail = htmlspecialchars($regemail1);
    $reglast  = htmlspecialchars($reglast1);
    $regfirst = htmlspecialchars($regfirst1);
    // $regemail =    (statement cut off in the post)
}
When I enter hi, it works perfectly in a way: it stops the function of the tag. I want to send the text to the database and remove the other things.
The value being sent to the server in the sample below is whatever is in the input field; you don't send HTML to the server.
<input class="logbar" id="password" name="password" type="password" placeholder="password" keyev="true" required >
You can check what you are getting in the server with printf, echo.
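What the question is after, storing only the text and escaping when the value is printed, shown as an added example that is not part of the original question or answer. The sample input, the `plain_text` and `html` helper names, and the in-memory SQLite table `members` are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed input standing in for $_POST['fname'].
$raw = "  <b onclick=\"alert(1)\">hi</b> O'Brien ";

// What the code in the question does: entity-encode the value twice.
$once  = filter_var($raw, FILTER_SANITIZE_SPECIAL_CHARS); // "<" becomes "&#60;"
$twice = htmlspecialchars($once);                          // "&#60;" becomes "&amp;#60;"

/** Hypothetical helper: reduce a submitted value to plain text for storage. */
function plain_text(string $value): string
{
    $text = strip_tags($value);                       // drop the tags, keep the text between them
    $text = preg_replace('/\s+/u', ' ', $text) ?? ''; // collapse whitespace; null means invalid UTF-8
    return trim($text);
}

/** Hypothetical helper: escape a stored value where it is written into HTML. */
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$fname = plain_text($raw);

// Store the plain text with a bound parameter (in-memory SQLite, assumed table "members").
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (fname TEXT NOT NULL)');
$pdo->prepare('INSERT INTO members (fname) VALUES (:fname)')->execute([':fname' => $fname]);

$stored = (string) $pdo->query('SELECT fname FROM members')->fetchColumn();

echo "double-encoded: ", $twice, PHP_EOL;
echo "stored:         ", $stored, PHP_EOL;
echo "as HTML:        <p>", html($stored), "</p>", PHP_EOL;
```

The tags are stripped once on the way in, the value is stored as plain text, and entity encoding happens only at output, so the database never holds `&amp;#60;`-style double-encoded text.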