Don't use strip_tags! If a user tries to enter something like The bob said <the-secret>, it will be stripped! htmlentities is unnecessary. You want htmlspecialchars:
$input = "<script>alert('ur screwed')</script>";
echo htmlspecialchars($input);
Returns &lt;script&gt;alert('ur screwed')&lt;/script&gt;. Decode with htmlspecialchars_decode.
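The difference between the two functions, as an added example that is not part of the original answer: it runs strip_tags and htmlspecialchars over the same constructed inputs, checks that the escaped form decodes back to the original, and places the escaped value in a single-quoted attribute. The helper name e() and the third sample string are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original answer): escape a value at the
// point where it is written into HTML.
// ENT_QUOTES escapes both quote styles, so the result is also safe inside
// single- or double-quoted attribute values.
// ENT_SUBSTITUTE replaces invalid UTF-8 sequences with U+FFFD instead of
// making the whole call return an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: the two strings from the answer plus one that
// contains an ampersand and both quote styles.
$samples = [
    "The bob said <the-secret>",
    "<script>alert('ur screwed')</script>",
    "Tom & \"Jerry's\" <b>notes</b>",
];

foreach ($samples as $raw) {
    // strip_tags deletes anything shaped like a tag; the user's text is lost.
    $stripped = strip_tags($raw);

    // Escaping keeps every character and only changes how it is encoded.
    $escaped = e($raw);

    // Decoding with the same quote flag recovers the original input.
    $restored = htmlspecialchars_decode($escaped, ENT_QUOTES);

    printf("raw:        %s\n", $raw);
    printf("strip_tags: %s\n", $stripped);
    printf("escaped:    %s\n", $escaped);
    printf("round trip: %s\n", $restored === $raw ? 'lossless' : 'changed');

    // Attribute context: the escaped quotes cannot close the attribute.
    printf("attribute:  <input value='%s'>\n\n", $escaped);
}
```

Store the raw input and call the escaping helper only when writing into HTML; escaping before storage leads to double-encoded text when the value is escaped again on output.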