Menu
Hello all, quick question hopefully.
I’m inserting data into MySQL, one of the rows is the “description” row, in my insert file it looks like this:
[code=php]$description = mysql_real_escape_string(strip_tags($_POST[‘description’], ‘<p><i><ul><ol><li><b>’));
I am able to insert html tags, and as you all can see, it is supposed to only allow those tags listed in the variable, its my first time using strip_tags so I got curious and I inserted an h1 tag and it did pass it to the DB, isn’t this script supposed to block that h1 tag or any other tag not listed in there for that matter?
Thanks in advance for any help provided ?