Basically, someone on my site can type in things like <br> or <div> and really screw everything when their comment is shown. (It's a comment system.) Worse yet, they can probably input JavaScript code or something malicious and it will just be rendered! Well... I basically tell the site to SELECT FROM comments, echo row[1];... Using MySQL here. That's not the exact syntax, but you get the idea. So what I want to know is, is there something better to use that won't allow WHATEVER they typed to actually be thought of as code? Instead, just treat everything like plain old text?
I hope you understand what I mean.
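The standard way to have stored comments treated as plain text is to HTML-encode them at output time. This is an added example, not part of the original post. The constructed `$rows` array stands in for the result of the SELECT, column 0 is assumed to be a numeric comment id, and the helper names `e` and `render_comment` are hypothetical.

```php
<?php
// Constructed sample rows standing in for the MySQL result set.
// Assumption: column 0 is a numeric id, column 1 is the comment text (row[1] in the post).
$rows = [
    [1, "Nice post!<br><div>"],
    [2, "<script>alert(1)</script>"],
    [3, "Line one\nLine two with \"quotes\" & an ampersand"],
];

/**
 * Encode untrusted text for use inside an HTML element body or a quoted
 * attribute value. ENT_QUOTES encodes both " and ', ENT_SUBSTITUTE replaces
 * invalid byte sequences instead of returning an empty string.
 */
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Render one comment row as a list item.
 */
function render_comment(array $row): string
{
    // Encode first, then convert newlines, so the only <br> tags in the
    // output are the ones added here and never ones typed by the commenter.
    $body = nl2br(e($row[1]), false);

    // The id is cast to int so it cannot carry markup into the attribute.
    return '<li id="comment-' . (int) $row[0] . '">' . $body . "</li>\n";
}

// Declare the charset so the browser decodes the page the same way
// htmlspecialchars() encoded it.
header('Content-Type: text/html; charset=UTF-8');

echo "<ul>\n";
foreach ($rows as $row) {
    echo render_comment($row);
}
echo "</ul>\n";
```

Encoding belongs at the point of output, with the raw text stored unchanged in the database. This encoding is correct for HTML body and quoted-attribute contexts only; values placed inside script blocks, URLs or CSS need encoding specific to those contexts.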