sabbatical!
New Member
What is the most secure way to stop users adding html or javascript to a field. I am adding a youtube style 'description' where users can explain their work but I don't want anything other than plain text in there and preferable none of the htmlentities rubbish like '<' or '>'.Could I do something like this:\[code\]$clean = htmlentities($_POST['description']);if ($clean != $_POST['description']) ... then return the form with an error?\[/code\]