PHP MYSQL
HOW TO REMOVE HTML TAGS IN PHP MYSQL
review_id   | int(255) PRIMARY KEY
review_name | varchar(255)
review_text | text
DUMMY REVIEW TABLE
01
THE INSERT SQL STATEMENT
$stmt = $pdo->prepare(
  "INSERT INTO `reviews` (`review_name`, `review_text`) VALUES (?, ?)"
);
PHP INSERT INTO DATABASE
02
CONNECT TO DATABASE
$pdo = new PDO(
  "mysql:host=HOST;dbname=NAME;".
  "charset=utf8", USER, PASSWORD
);
PROBLEMATIC REVIEW POST
03
HIDDEN SCRIPT INSERTION
$_POST = [
  "name" => "Le Hackr",
  "text" => "<strong>Good product! </strong> <p>Foo Bar</p> <script>alert('POO PAR')</script>"
];
REMOVE HTML TAGS (A)
04
TO STRIP ALL HTML TAGS
$stmt->execute([
  $_POST["name"],
  strip_tags($_POST["text"])
]);
SELECTIVELY ALLOW SOME TAGS
$stmt->execute([
  $_POST["name"],
  strip_tags($_POST["text"], "<p> <strong>")
]);
REMOVE HTML TAGS (B)
05
REMOVE HTML TAGS (C)
06
OR CONVERT TO HTML ENTITIES
$stmt->execute([
  $_POST["name"],
  htmlentities($_POST["text"])
]);
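
The allow-list form of strip_tags() shown above leaves attributes on the tags it permits, and it removes the <script> tags but not the text between them. The following is an added example, not code from the original page: the helper allow_bare_tags() and the sample input are assumptions made for illustration, and the helper combines the page's two ideas by escaping everything and then restoring only bare allowed tags.

```php
<?php
// Constructed sample: the page's review text plus an event-handler attribute.
$text = '<strong>Good product!</strong> <p onmouseover="alert(1)">Foo Bar</p> '
      . "<script>alert('POO PAR')</script>";

// Allow-list stripping: <script> tags go, but the onmouseover attribute on the
// allowed <p> survives, and the script body stays behind as plain text.
$partly = strip_tags($text, "<p><strong>");

// Hypothetical helper (not from the page): escape every character that is
// special in HTML, then turn back only the exact bare forms of allowed tags.
// A tag carrying any attribute never matches, so it stays escaped text.
function allow_bare_tags(string $html, array $tags = ["p", "strong"]): string
{
    $out = htmlspecialchars($html, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
    foreach ($tags as $tag) {
        $out = str_replace(
            ["&lt;{$tag}&gt;", "&lt;/{$tag}&gt;"],
            ["<{$tag}>", "</{$tag}>"],
            $out
        );
    }
    return $out;
}

$clean = allow_bare_tags($text);

// Print both results as text so they can be compared side by side.
echo "strip_tags allow-list:\n", $partly, "\n\n";
echo "allow_bare_tags:\n", $clean, "\n";

// $clean is what would be bound to the review_text placeholder, e.g.
// $stmt->execute([$_POST["name"], allow_bare_tags($_POST["text"])]);
```

The restored tags can come out unbalanced (a closing </p> whose opening tag stayed escaped), which affects layout only, since no attribute or unlisted tag is ever restored.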