input. We will discuss the dangers of displaying unfiltered output
and then provide a safe means of displaying formatted output. Download the attachment and extract it into
your web documents directory.
Dangers of Unfiltered Output
in their comment like:
Even if the user has no bad intentions, they may accidentally include some
HTML that breaks your site layout. For example, if you display the
user's input in a table and they include an improperly nested </table>
tag, your page appears broken.
Displaying Plain Text Only
Using the htmlspecialchars() function, you convert all the special
characters into HTML entities. For example, <b> would become &lt;b&gt;,
turning it into text instead of an HTML tag. This guarantees that
there is no HTML markup in the comment that would produce unwanted output.
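To make the point concrete, here is an added example (not code from the original tutorial) that renders a few constructed sample comments into a table, once unfiltered and once through htmlspecialchars(); the helper names render_comment and render_comment_unfiltered are mine.

```php
<?php
// Added example, not part of the original tutorial. The comment strings
// below are constructed to show the two problems the text describes:
// stray markup that breaks the table, and tags that would render as HTML.

/** Return the comment as inert text: every HTML special character becomes an entity. */
function render_comment(string $comment): string
{
    // ENT_QUOTES also encodes ' and ", so the result is safe inside attribute values;
    // ENT_SUBSTITUTE replaces invalid UTF-8 bytes instead of returning an empty string.
    return htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Unsafe variant, kept only for comparison: the comment goes out verbatim. */
function render_comment_unfiltered(string $comment): string
{
    return $comment;
}

/** Build the comments table using the given renderer. */
function comments_table(array $comments, callable $render): string
{
    $html = "<table>\n";
    foreach ($comments as $c) {
        $html .= '  <tr><td>' . $render($c) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

$comments = [
    'Nice article! <b>Thanks</b>',           // would render as bold text, not as typed
    'Oops </table> the rest of my comment',  // stray close tag that breaks the layout
    'Quotes: "double" and \'single\'',       // must be encoded if ever placed in an attribute
];

// Broken layout: the second comment closes the table early.
echo "<!-- unfiltered -->\n";
echo comments_table($comments, 'render_comment_unfiltered');

// Intact layout: every < > & " ' in the comments is now an entity.
echo "<!-- escaped -->\n";
echo comments_table($comments, 'render_comment');
```

Run it with `php example.php` and compare the two table blocks: in the escaped version the `</table>` in the second comment appears as literal text inside its cell.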
plain text, but it would be a lot better if you gave them some formatting