check comment for html


Posted on 16th Feb 2014 07:03 pm by admin

hi, I just wanted to check if a comment a user posts contains HTML, and if it does, to not allow it to be posted.

this is my current php, any help would be very much appreciated! thanks.


Code:
<?php

$comment=$_POST['comment'];
$name=$_POST['name'];
$email=$_POST['email'];
$website=$_POST['website'];
$date=date("y/m/d h:i:s");

if($name && $email && $comment){

$sql="INSERT INTO `comments` (`name`, `email`, `website`, `articleid`, `comment`, `datetime`) VALUES ('$name', '$email', '$website', '$id', '$comment', '$date')";
$result=mysql_query($sql) or die(mysql_error());


if($result){


echo "Your comment was posted succesfully on the article n";
echo $rows['title'];
echo '<p><a href="view_article.php?id=';
echo $id;
echo '">Click here to go back to the article.</a></p>';
}else {
echo "Sorry, your comment could not be posted. Please make sure you fill in all the fields marked with *.n";

}
}else {
echo "Sorry, your comment could not be posted. Please make sure you fill in all the fields marked with *.n";
}
?>

No comments posted yet

Your Answer:

Login to answer
173 Like 11 Dislike
Previous forums Next forums
Other forums

retrieving policy name inside the function called by this particular policy
Hi there,

I've playing around with dbms_rls package, trying to set up some security repo

DataTable Help Required
Hi all I am creating an app that utilises and MS Access back end and queries it quite a bit at vario

Timer control causing error
I recently decided to add a timer control to an existing page that uses AJAX on my site. As soon as

insert quotes
Hi,

I have an output like this:
Code: john,18,Cancer
How can I change this to
Code:

Help: problem with Headers to download PDF file
Hi,

I'm trying to implement a script where when a user clicks a link he gets a PDF file to op

registration form
first time posting. did some searches but didnt find exactly what i am looking for. dont flame cause

Functions Not Loading Into Div
I had some help doing some of this but what I'm trying to do is get my functions to retrieve its val

Error querying database.
I get the above error when trying to insert some values to a datatable.
Here's the code :

Include with Parameters
In a particular page I would like to include a file that requires $_GET parameters.

when I go

Alternate messaging
I have 4 strings in MySQL db1

$string1 : Hello
$string2 : Hi
$string3 : Great
$strin

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash