XSS attack
#1

When writing " onmouseover=prompt(986271) bad=" in a form text element and the form does not validate,
you get a prompt.

How can I prevent this?

See:
[Image: b2j5jdA.png]

[Image: 556ryBJ.png]
#2

Output the value of the form element either like this:

<input type="text" name="email" value="<?php echo html_escape($email); ?>" />

Or like this:

<input type="text" name="email" value="<?php echo set_value('email'); ?>" />

Either method will escape your data for output to the screen.
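An added example, not part of either post: it repopulates the field with the string from the question, once unescaped and once escaped, then parses both results to show which attributes end up on the `<input>`. Plain PHP `htmlspecialchars()` with `ENT_QUOTES` stands in for the escaping helper named in the reply (an assumption about how that helper behaves); the function names are hypothetical.

```php
<?php
// Constructed input: the string from the question, as it would arrive in $_POST['email'].
$email = '" onmouseover=prompt(986271) bad="';

// Unescaped repopulation: the leading double quote closes value="" early.
function render_raw(string $v): string {
    return '<input type="text" name="email" value="' . $v . '" />';
}

// Escaped repopulation: quotes become entities, so the text stays inside value="".
// Stand-in for the framework helper (assumption), using plain PHP only.
function render_escaped(string $v): string {
    return '<input type="text" name="email" value="'
        . htmlspecialchars($v, ENT_QUOTES, 'UTF-8') . '" />';
}

// Parse the markup and return the attributes the HTML parser puts on <input>.
function input_attributes(string $html): array {
    libxml_use_internal_errors(true); // keep parser notices out of the output
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    $attrs = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $a) {
        $attrs[$a->name] = $a->value;
    }
    return $attrs;
}

// True if any attribute is an inline event handler (name starts with "on").
function has_event_handler(array $attrs): bool {
    foreach (array_keys($attrs) as $name) {
        if (stripos($name, 'on') === 0) {
            return true;
        }
    }
    return false;
}

foreach (['raw' => render_raw($email), 'escaped' => render_escaped($email)] as $label => $html) {
    $attrs = input_attributes($html);
    echo $label, ': ', $html, PHP_EOL;
    echo '  attributes: ', implode(', ', array_keys($attrs)), PHP_EOL;
    echo '  event handler present: ', var_export(has_event_handler($attrs), true), PHP_EOL;
    echo '  value round-trips: ', var_export($attrs['value'] === $email, true), PHP_EOL;
}
```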