I created a form that lets visitors input text. Unfortunately it is being abused.
So I used myvar=server.htmlencode(Request.form("textarea"))
and then inserted it into the database.
However, I thought this would have stopped malicious input, though someone was able to insert HTML tags, including the marquee tag.
Can anyone let me know how I can stop this and even how they were able to get round the server.htmlencode?
Thanks.