```php
$user_input = $_POST['input_field'];

if (isCleanHtml($user_input)) {
    // save input to database or display it on page
} else {
    // show error message to user
}
```
```php
$html = "";

if (isCleanHtml($html)) {
    echo $html; // this will not execute any script
} else {
    // show error message or replace with safe HTML
}
```

The `isCleanHtml` function is not part of the core PHP library, but can be implemented through various packages and libraries, such as:

- HTML Purifier: http://htmlpurifier.org/
- OWASP PHP Security Project: https://owasp.org/www-project-php-security/
- PHP Input Filter: https://github.com/fkooman/php-input-filter
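One possible implementation of the `isCleanHtml` check used above, built on PHP's bundled DOM extension rather than on any of the listed libraries. This is an added example, not code from the original page; the `ALLOWED_TAGS` allowlist and the permitted URL schemes are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Assumed allowlist for this example: tag name => attributes permitted on it.
// 'html' and 'body' are listed because the parser adds them around fragments.
const ALLOWED_TAGS = [
    'html' => [], 'body' => [], 'p' => [], 'br' => [], 'b' => [], 'i' => [],
    'em' => [], 'strong' => [], 'ul' => [], 'ol' => [], 'li' => [],
    'a' => ['href', 'title'],
];

/** True only when every element, attribute and link target is allowlisted. */
function isCleanHtml(string $html): bool
{
    if (trim($html) === '') {
        return true; // no markup to inspect
    }
    $previous = libxml_use_internal_errors(true); // collect parser warnings silently
    $doc = new DOMDocument();
    $parsed = $doc->loadHTML($html, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if ($parsed === false) {
        return false; // unparseable input is rejected, not guessed at
    }
    foreach ((new DOMXPath($doc))->query('//*') as $element) {
        $tag = strtolower($element->nodeName);
        if (!array_key_exists($tag, ALLOWED_TAGS)) {
            return false; // e.g. script, iframe, svg, style, form
        }
        foreach ($element->attributes as $attribute) {
            $name = strtolower($attribute->nodeName);
            if (!in_array($name, ALLOWED_TAGS[$tag], true)) {
                return false; // e.g. onclick, onerror, style
            }
            // Link targets must start with an explicitly allowed scheme.
            if ($name === 'href'
                && !preg_match('#^(?:https?://|mailto:)#i', $attribute->value)) {
                return false; // e.g. javascript: or data: URLs
            }
        }
    }
    return true;
}

// Constructed sample inputs.
var_dump(isCleanHtml('<p>Hello <a href="https://example.com/">link</a></p>'));
var_dump(isCleanHtml('<p onclick="x()">Hello</p>'));
var_dump(isCleanHtml('<a href="javascript:x()">link</a>'));
```

A browser may parse the original string differently from libxml2, so a pass from this check is weaker than emitting re-serialized output from a maintained sanitizer such as HTML Purifier. Treat it as an input filter alongside output encoding, not a replacement for it.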