Hi,
On my website I have a form that allows people to post comments. There is also a page that displays all these comments. The database is quite simple - it records the userID, the date, time and the message itself which is stored in a memo field.
The problem occurs if someone posts code into the database. For example, if I enter the code for an iframe, when someone views the comments page they could be looking at someone else's website. I could also post a tag which would redirect the user to another website.
What is the best way round this? Basically I would like to remove all tags, scripting and so on.
Thanks very much
Ed
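The situation described in the post above, as an added example that is not part of the original post: the comment is reduced to plain text and then HTML-encoded when the comments page is built. The post names no server language, so Python is an assumption, and `strip_tags`, `render_comment` and the sample comments are hypothetical names and constructed data.

```python
import html
from html.parser import HTMLParser

DROP_CONTENT = {"script", "style"}  # their text is code, not comment text


class _TextOnly(HTMLParser):
    """Keeps text nodes only; every tag and attribute is discarded."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self.skip_depth = 0  # > 0 while inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT and self.skip_depth:
            self.skip_depth -= 1

    def handle_data(self, data):
        if not self.skip_depth:
            self.parts.append(data)


def strip_tags(message):
    """Reduce a submitted comment to plain text (optional, before storing)."""
    parser = _TextOnly()
    parser.feed(message)
    parser.close()
    return "".join(parser.parts).strip()


def render_comment(message):
    """Encode on output; this is what stops stored markup being interpreted."""
    return '<p class="comment">' + html.escape(message, quote=True) + "</p>"


# Constructed sample comments (example.invalid is a placeholder host).
SAMPLES = [
    'Nice site! <iframe src="http://example.invalid/"></iframe> Thanks',
    '<meta http-equiv="refresh" content="0;url=http://example.invalid/">hello',
    "I like &lt;b&gt;bold&lt;/b&gt;",  # entities decode back to "<b>" when stripped
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(render_comment(strip_tags(raw)))
```

The third sample shows why stripping alone is not enough: the stripped text contains a literal `<b>` again, so the encoding step in `render_comment` still has to run every time a comment is written into the page.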