RE: [PHP] Preventing users from inserting malicious HTML into comments

2006-11-06 Thread Daevid Vincent
> -Original Message-
> From: Dotan Cohen [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 06, 2006 3:24 PM
>
> I'm setting up a comments system on a site, with the comments stored
> in a MySQL database. To prevent SQL injection, I run
> mysql_real_escape_string() on ingoing data. This s

[PHP] Preventing users from inserting malicious HTML into comments

2006-11-06 Thread Dotan Cohen
I'm setting up a comments system on a site, with the comments stored in a MySQL database. To prevent SQL injection, I run mysql_real_escape_string() on ingoing data. This should be enough to protect the database (tell me if otherwise), but I'd like to prevent people from posting JavaScript and oth