Use htmlspecialchars($_POST['firstname']) and htmlspecialchars($_POST['content']).
Always escape strings with htmlspecialchars() before showing them to the user.
More Related Contents:
- Syntax error unexpected '<' [duplicate]
- HTML Form/PHP connected but MySQL is empty
- xss attack on a php page
- PHP Upload fails for Video but not Image [closed]
- w3 schools form tutorial doesnt send email
- (PHP) Warning: file_get_contents() [function.file-get-contents]: couldn’t resolve host name
- Get $_POST from multiple checkboxes
- Multiple inputs with same name through POST in php
- How to read if a checkbox is checked in PHP?
- method=”post” enctype=”text/plain” are not compatible?
- Understanding the “post/redirect/get” pattern
- HTML input arrays
- POST an array from an HTML form without javascript [duplicate]
- Best way to avoid the submit due to a refresh of the page
- Submit an HTML form with empty checkboxes
- PHP POST not working
- How to prevent multiple inserts when submitting a form in PHP?
- How to add a delete button to a PHP form that will delete a row from a MySQL table
- PHP form – on submit stay on same page
- Why is textarea filled with mysterious white spaces?
- CodeIgniter – why use xss_clean
- getting a checkbox array value from POST
- Storing Form Data as a Session Variable
- GET vs. POST Best Practices
- How to place two forms on the same page?
- PHP $_POST not working? [duplicate]
- Parsing multipart form data
- Simple form not sending data via _POST [duplicate]
- navigate back with PHP form submission
- HTML form PHP post to self to validate or submit to new page