4 Replies Latest reply on Dec 15, 2006 5:16 PM by coldfuse228

    How to stop html injection

    coldfuse228 Level 1
      Hi, I have a form that has an input box for a name. The user can put in anything they want; I even allow them to put in something like '<input name=lastNametype='text'></input>'. My question is: how can I decode or encode this HTML so that when I display this text it will not display a text box but instead just display the text '<input name=lastNametype='text'></input>'? Any sample code of this?

      Thank you so much for your help,