Handling HTML

HTML is simply plain text, such as <b>, that Web browsers give special meaning (in this case, making the text bold). Because of this, your Web site’s users can easily add HTML or JavaScript to their form data, such as the comments field in the previous example (Figure 10.8). What’s wrong with that, you might ask?

Figure 10.8. The malicious and savvy user can enter HTML, CSS, and JavaScript into text inputs.

Many dynamically driven Web applications take the information submitted by a user, store it in a database, and then redisplay that information on another page. Think of a forum, as just one example. At the very least, if a user ...
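The usual defense is to store the submitted text as-is and neutralize any markup at the moment it is redisplayed. The following is an added example, not code from the book, that shows the two standard PHP approaches on a constructed comment of the kind Figure 10.8 warns about; the function names and the sample comment are my own.

```php
<?php
// Constructed sample comment containing markup and script, as a user might submit it.
$comment = 'Nice post! <b>bold</b> <script>alert("hi")</script>';

// Approach 1: escape everything on output.
// < > & " ' become entities, so the browser displays the tags as literal text
// instead of interpreting them. This is the safest default for redisplayed input.
function escape_for_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Approach 2: remove tags, keeping only a short allowlist of harmless ones.
// strip_tags() keeps the text inside removed tags and keeps attributes on allowed
// tags, so limit the allowlist to tags that carry no attributes (e.g. <b>, <i>).
function strip_to_allowlist(string $text, string $allowed = '<b><i>'): string
{
    return strip_tags($text, $allowed);
}

// Simulated redisplay, as a forum page would do when showing stored comments.
echo "Escaped:  " . escape_for_html($comment) . "\n";
echo "Stripped: " . strip_to_allowlist($comment) . "\n";
```

Escaping is applied at output time, not before storage, so the original text remains available if the display rules change later.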
