  • Use stripslashes to remove any backslashes (\) added by the PHP server.
  • Use htmlspecialchars to prevent special characters from being interpreted as HTML tags.


<?php
// Undo any backslashes added by the PHP server, then escape HTML special
// characters so the input cannot be interpreted as markup.
$yname = stripslashes($_REQUEST['you'] ?? '');
$yourname = htmlspecialchars($yname);

$ynationality = stripslashes($_REQUEST['nationality'] ?? '');
$yournationality = htmlspecialchars($ynationality);
?>
<title>This is an IO demo</title>
<body bgcolor="#88CCFF">
<h1>Input and Output</h1>
<form>
<table>
<tr><td>Please enter your name <td><input name="you" value="<?= $yourname ?>">
<tr><td>Please enter your nationality <td><input name="nationality" value="<?= $yournationality ?>">
</table>
<input type="submit">
</form>
<?php
if ($yourname) {
    // Both values were escaped above, so they can be interpolated into HTML.
    print <<<END
Previous entry:<br>
<li>name: $yourname <br>
<li>nationality:  $yournationality <br>
END;
}
?>


-- PeterJones - 08 Nov 2006
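
The effect of the htmlspecialchars step on the value attribute, as an added example that is not part of the original page: it renders the same input field with and without escaping and parses the result with DOMDocument to show whether the value stays inside the attribute. The helper names (esc, render_field, inspect) and the sample inputs are constructed for illustration, and ENT_QUOTES is passed explicitly, which the page's code does not do.

```php
<?php
// Added example, not from the original page. Helper names and sample
// inputs are constructed for illustration.

// Escape for HTML text and quoted attribute values. ENT_QUOTES also encodes
// single quotes, which the default flags before PHP 8.1 (ENT_COMPAT) do not.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the form field the way the page does, with or without escaping.
function render_field(string $name, string $value, bool $escape): string {
    $v = $escape ? esc($value) : $value;
    return '<input name="' . esc($name) . '" value="' . $v . '">';
}

// Parse the markup and report what an HTML parser actually sees.
function inspect(string $html): array {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate HTML fragments
    $doc->loadHTML('<body>' . $html . '</body>');
    libxml_clear_errors();
    $body  = $doc->getElementsByTagName('body')->item(0);
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'value'    => $input->getAttribute('value'),
        'elements' => $body->getElementsByTagName('*')->length,
    ];
}

// Constructed inputs: a plain name, and one containing quotes and a tag.
$samples = ['Peter', 'O\'Brien "><b>bold</b>'];

foreach ($samples as $s) {
    foreach ([false, true] as $escape) {
        $r = inspect(render_field('you', $s, $escape));
        printf("%-8s input=%-28s elements=%d value_intact=%s\n",
            $escape ? 'escaped' : 'raw', json_encode($s),
            $r['elements'], $r['value'] === $s ? 'yes' : 'no');
    }
}
```

An element count above 1 means part of the input was parsed as markup instead of staying inside the value attribute; with escaping the count stays at 1 and the value round-trips unchanged.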