Topic: Avoid "hacking" on text field forms? .. NO html allowed or anything else?

rrgerman

  • Regular Member
  • Posts: 29
  • Karma: 0
On my website, users can edit their profile through a form that allows them to enter their age, name, location and information about themselves.

I was wondering how I can avoid JavaScript, HTML or any type of coding and just keep it plain text?

Because I was visiting a site one day and a pop-up message appeared with a dumb text, and then I researched and found out that this person used <script type="text/javascript">alert("blah");</script>

I don't want that to happen on my website, because that is just a simple alert box, but people with more knowledge could do more harm than that.

Smokey PHP

  • Web Developer
  • Expert PHP Helper
  • Senior Member
  • Posts: 618
  • Karma: 9
Re: Avoid "hacking" on text field forms? .. NO html allowed or anything else?
« Reply #1 on: September 27, 2011, 02:02:39 PM »
Hi there,

In the PHP that deals with the form submission, clean the $_POST variables with addslashes() and strip_tags() before storing them in your database.

rrgerman

  • Regular Member
  • Posts: 29
  • Karma: 0
Re: Avoid "hacking" on text field forms? .. NO html allowed or anything else?
« Reply #2 on: September 27, 2011, 04:11:35 PM »
Thank you very much! And one last question. When it's a multi-line text area, how can I make it display with rows in case the user hits tab and writes a description with paragraphs? Right now it just displays it as one whole chunk all together.

rrgerman

  • Regular Member
  • Posts: 29
  • Karma: 0
Re: Avoid "hacking" on text field forms? .. NO html allowed or anything else?
« Reply #3 on: September 27, 2011, 04:12:43 PM »
I mean, when the user hits ENTER.

Smokey PHP

  • Web Developer
  • Expert PHP Helper
  • Senior Member
  • Posts: 618
  • Karma: 9
Re: Avoid "hacking" on text field forms? .. NO html allowed or anything else?
« Reply #4 on: September 27, 2011, 06:01:15 PM »
You can use the PHP function nl2br:

PHP Code:
// Escape first so any tags in the text are shown rather than run, then turn newlines into <br />.
echo nl2br(htmlspecialchars($_POST['textarea'], ENT_QUOTES, 'UTF-8'));
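
Putting both answers together, here is an added example (not code from the thread) of a profile form handler: it cleans the fields on the way in, stores them with a prepared statement, and escapes them on the way out so the pasted alert() from the first post is displayed as text and never executed, while nl2br() keeps the user's paragraph breaks. The sample submission is constructed to stand in for $_POST, and the "users" table and its column names are assumptions.

```php
<?php
// Added example, not code from the thread. Constructed sample input standing in
// for $_POST; the "users" table and its column names are assumptions.
$submitted = [
    'name'     => 'Bob <script type="text/javascript">alert("blah");</script>',
    'age'      => '29',
    'location' => 'Austin, TX',
    'about'    => "First paragraph.\r\n\r\nSecond paragraph, with a \"quote\".",
];

// Turn raw form fields into the plain-text values that go into the database.
function cleanProfileInput(array $post): array
{
    $name     = trim(strip_tags($post['name'] ?? ''));
    $location = trim(strip_tags($post['location'] ?? ''));
    $about    = trim(strip_tags($post['about'] ?? ''));
    // Age must be a whole number in a plausible range, or the submission is rejected.
    $age = filter_var($post['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 120]]);
    if ($age === false) {
        throw new InvalidArgumentException('age must be an integer from 1 to 120');
    }
    return ['name' => $name, 'age' => $age, 'location' => $location, 'about' => $about];
}

// Store with a prepared statement: the driver binds the values, so quotes in
// the text cannot change the SQL (this takes the place of hand-applied addslashes()).
function saveProfile(PDO $db, int $userId, array $p): void
{
    $sql = 'UPDATE users SET name = :name, age = :age, location = :location, '
         . 'about = :about WHERE id = :id';
    $db->prepare($sql)->execute([
        ':name' => $p['name'], ':age' => $p['age'], ':location' => $p['location'],
        ':about' => $p['about'], ':id' => $userId,
    ]);
}

// Escape at output time, so whatever survived strip_tags() is shown as text and
// never run by the browser; nl2br() keeps the user's line breaks for the textarea.
function renderField(string $text, bool $multiline = false): string
{
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return $multiline ? nl2br($safe) : $safe;
}

$profile = cleanProfileInput($submitted);
echo renderField($profile['name']), "\n";
echo renderField($profile['about'], true), "\n";
```

Note that strip_tags() removes the tags but leaves the text between them, so the escaping in renderField() is what guarantees the remaining quotes and brackets are rendered harmlessly wherever the profile is displayed.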

rrgerman

  • Regular Member
  • Posts: 29
  • Karma: 0
Re: Avoid "hacking" on text field forms? .. NO html allowed or anything else?
« Reply #5 on: September 27, 2011, 06:11:01 PM »
AWESOME! ;D ;D ;D ;D ;D

You rock! Thanks!