Keep HTML from being entered into database via a text field

I need to prohibit the entry of HTML into my database by users to my website. Right now they can enter HTML into a text area I use as a comment box then it shows up when the record is displayed. I was told about a strip_tags function but I don't know exactly where to place it. Is there a function in Data Assist that does this automatically?

You can run the strip_tags on the value being inserted into the database. So whatever is being inserted, you can call strip_tags on it right before its getting inserted.

This is the value I have going into the database


<?php echo ((isset($_POST["commentsbox"]))?$_POST["commentsbox"]:""); ?>

Where exactly do I put the strip_tags and how should it look.

You would put the call around the second $_POST["commentsbox"] in that line of code.

This is the code I am typing into the source that Data Assist generates

((isset($_POST["commentsbox"]))strip_tags ((?$_POST["commentsbox"]:""))

Obviously I am making an error because I am getting the 'unexpected T_string error.

you have to many ")" your code should look like this:

((isset($_POST["commentsbox"]))strip_tags (?$_POST["commentsbox"]:""))

I entered that code and now I get the error

Parse error: parse error, unexpected T_STRING in C:\Inetpub\vhosts\comicracy.ieasysite.com\httpdocs\0111\6-cc.php on line 127

Here is the full block of code that Data Assist Generates with the strip tags added

<?php
// WA Application Builder Insert
if (isset($_POST["submit"])) // Trigger
{
$WA_connection = $con2com;
$WA_table = "comments";
$WA_sessionName = "comments_ID";
$WA_redirectURL = "../messagesent.php";
$WA_keepQueryString = true;
$WA_indexField = "ID";
$WA_fieldNamesStr = "USERNAME|COMMENTER|PAGE|COMMENTS|USERIDENT|COMMIDENT";
$WA_fieldValuesStr = "".$row_Recordset1['username'] ."" . "|" . "".((isset($_POST["COMMENTORNAME"]))?$_POST["COMMENTORNAME"]:"") ."" . "|" . "".((isset($_POST["website"]))?$_POST["website"]:"") ."" . "|" . "".((isset($_POST["commentsbox"]))strip_tags (?$_POST["commentsbox"]:"")) ."" . "|" . "".$row_Recordset1['ID'] ."" . "|" . "".((isset($_POST["ICON"]))?$_POST["ICON"]:"") ."";
$WA_columnTypesStr = "',none,''|',none,''|',none,''|',none,''|',none,''|',none,''";
$WA_fieldNames = explode("|", $WA_fieldNamesStr);
$WA_fieldValues = explode("|", $WA_fieldValuesStr);
$WA_columns = explode("|", $WA_columnTypesStr);
$WA_connectionDB = $database_con2com;
mysql_select_db($WA_connectionDB, $WA_connection);
if (!session_id()) session_start();
$insertParamsObj = WA_AB_generateInsertParams($WA_fieldNames, $WA_columns, $WA_fieldValues, -1);
$WA_Sql = "INSERT INTO `" . $WA_table . "` (" . $insertParamsObj->WA_tableValues . ") VALUES (" . $insertParamsObj->WA_dbValues . ")";
$MM_editCmd = mysql_query($WA_Sql, $WA_connection) or die(mysql_error());
$_SESSION[$WA_sessionName] = mysql_insert_id();
if ($WA_redirectURL != "") {
if ($WA_keepQueryString && $WA_redirectURL != "" && isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] !== "" && sizeof($_POST) > 0) {
$WA_redirectURL .= ((strpos($WA_redirectURL, '?') === false)?"?":"&").$_SERVER["QUERY_STRING"];
}
header("Location: ".$WA_redirectURL);
}
}
?>

apologies the code should read:

((isset($_POST["commentsbox"]))?(strip_tags($_POST["commentsbox"])):"")

That did the trick. Thank you very much!