How to filter all html tags from each _GET and _POST request

Submitted by Anonymous (not verified) on Mon, 01/18/2010 - 12:41

If you have a small website which uses php and accept just plain text from users or visitors you need to filter each request to be sure that nobody sends html to hack your site. I put following two lines at the top of my php file. Of course you can add the third line for cookies.


foreach($_GET as $k=>$v) $_GET[$k] = strip_tags($v);
foreach($_POST as $k=>$v) $_POST[$k] = strip_tags($v);

Add new comment