sanitize - How to remove HTML and JavaScript from input field before sending to server


<form action="process_reg.php" method="post" name="register_form" id="register_form">
    <input class="logbar" id="fname" name="fname" type="text" placeholder="firstname" onfocus="checkfname();  return true;" onblur="leavefname();" required>
    <span id="fnamemessage"></span>
    <input class="logbar" id="lname" name="lname" type="text" placeholder="lastname" onfocus="checklname();  return true;" onblur="leavelname();" required>
    <span id="lnamemessage"></span>
    <input class="logbar" id="email" name="email" type="text" placeholder="email" onfocus="checkemail();" onblur="leaveemail();" required>
    <span id="emailmessage"></span>
    <input class="logbar" id="password" name="password" type="password" placeholder="password" keyev="true" required>
    <input class="logbar" id="password2" name="password2" type="password" placeholder="confirm password" onkeyup="checkpass(); return false;" required>
    <span id="confirmmessage" class="confirmmessage"></span>
    <input value="logga in" type="button" onclick="formhash(this.form, this.form.password);" id="register">
</form>

And this is the sanitize/XSS protection applied to the form:

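if (empty($_REQUEST) === false) {
    // The form is submitted with method="post", so read from INPUT_POST;
    // filter_input() does not support INPUT_REQUEST.
    $regemail1 = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
    $regfirst1 = filter_input(INPUT_POST, 'fname', FILTER_SANITIZE_SPECIAL_CHARS);
    $reglast1 = filter_input(INPUT_POST, 'lname', FILTER_SANITIZE_SPECIAL_CHARS);

    // 'p' is not a field of the form above; assumed to be added by formhash().
    $regpass = $_POST['p'];

    // Second HTML-encoding pass on top of the sanitize filters above.
    $regemail = htmlspecialchars($regemail1);
    $reglast = htmlspecialchars($reglast1);
    $regfirst = htmlspecialchars($regfirst1);

    // $regemail = ... (statement cut off in the original post)
}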

When I enter hi, it works perfectly in the way that it stops the function of the tag. But I want to send the text to the database and remove the other things.

The value being sent to the server in the sample below is whatever is in the input field; you don't send HTML to the server.

<input class="logbar" id="password" name="password" type="password" placeholder="password" keyev="true"  required > 

You can check what you are getting on the server with printf or echo.
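An added example, not code from the original question or answer: one way to reduce the name fields to plain text on the server, validate the email, and leave HTML encoding to the point of output. It goes beyond the post by adding an allow-list check, because `strip_tags()` removes tags but keeps the text between them. The function names and the sample submissions are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Reduce a submitted name to plain text, then accept it only if what is left
// looks like a name. Returns null when the value should be rejected.
function clean_name(string $raw): ?string
{
    $text = strip_tags($raw);                        // drops the tags, keeps the text between them
    $text = trim(preg_replace('/\s+/u', ' ', $text) ?? '');
    // Allow-list: letters, combining marks, space, apostrophe, dot, hyphen; 1-64 characters.
    return preg_match('/\A[\p{L}\p{M}\' .\-]{1,64}\z/u', $text) === 1 ? $text : null;
}

// Validate the address instead of rewriting it; null means "reject the form".
function clean_email(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Encode once, at the point of output, for an HTML context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['fname' => '<b>hi</b>', 'lname' => " O'Neil ", 'email' => 'hi@example.com'],
    ['fname' => '<script>alert(1)</script>Anna', 'lname' => 'Berg', 'email' => 'anna@example.com'],
];

foreach ($samples as $post) {
    $row = [
        'fname' => clean_name($post['fname']),
        'lname' => clean_name($post['lname']),
        'email' => clean_email($post['email']),
    ];
    $failed = array_keys($row, null, true);          // fields that did not pass
    if ($failed !== []) {
        echo 'rejected fields: ' . implode(', ', $failed) . PHP_EOL;
        continue;
    }
    // $row holds plain text: store it unencoded through a prepared statement,
    // and call e() only when writing the value into an HTML page.
    echo 'store: ' . json_encode($row) . ' | render lname as: ' . e($row['lname']) . PHP_EOL;
}
```

The second submission is rejected on `fname` because the script body survives `strip_tags()` as ordinary text and fails the allow-list.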

