For Q1. You could pass the data that they enter through a paser, that delimits out the <...> tags by placing '!--' after any '<' and '--' before and '>', this will stop this text being viewed as html. Or jusr remove the tags or allow cetain tags and remove any that aren't in the allowable ones!
Cheers Simon ----- Original Message ----- From: "Brian McSweeney" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 14, 2003 11:49 AM Subject: two little questions > Question1: > > If my application allows users to enter text which will then later be > displayed on > web pages, do I have to ensure that the text they write isn't html. For > example, > lets say a message board application. If a user enters in loads of text > which is > html, will this not mess up the page when it is displayed? If so, how do > people > check for this. > > Question2: > > If I want my app to be able to allow users to enter text in any language > - eg, > multi-lingual message boards, do I have to configure my database to be > able to > handle multiple language types, or should it just work. > > Thanks for any replies, > Brian > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
