It's not exactly what you want, but you might check out the Validator class at http://www.thewebmasters.net/php/Validator.phtml It's got alot of checks in it including a strip_html and has_html call. Dave Royer On 02 Aug 2001 23:31:15 -0500, Ben Luey wrote: > I'm writing a php page that will display user input from a form on a page. > Is there a program that I can run the user input through to make sure it > isn't malious: > > <? > do_bad_stuff(now); > ?> > > or stupid html syntax errors that will mess up the look of the rest of the > page: > > <H1>blah blah .H1> > > I'd rather no block all html (ie just delete all < and >), but maybe only > allow color, size and bold type stuff (frames could be annoying :) ) > > > Thanks, > > Ben > > > _______________________________________________ > tclug-list mailing list > tclug-list at mn-linux.org > https://mailman.mn-linux.org/mailman/listinfo/tclug-list