function validateInput($input) {
//check if input is empty
if(empty($input)) {
return false;
}
//check if input is a string
if(!is_string($input)) {
return false;
}
//check if input contains html tags
if(strpos($input, '<') !== false || strpos($input, '>') !== false) {
return false;
}
//check if input contains comments
if(strpos($input, '<!--') !== false || strpos($input, '-->') !== false) {
return false;
}
//return true if all checks pass
return true;
}
//example
$result = validateInput('<h1>Hello World</h1>');
//output
echo $result; //false
hackerss
Posted on
Php Validate input string for cross site scripting
For further actions, you may consider blocking this person and/or reporting abuse
Top comments (0)