Don't allow user to enter HTML tags in input

Question

I have an input which allows users to enter text, which is then sent using PHP to another page, where it is stored in a database. I have done some simple validation ( checking i

Answer 1

You could do this:

That ensures only letters and numbers can go in and wont submit if anything else is inside the input.

However, this is only good client side and will only work for IE9+

This is also not the best method for validation if someone knows what they're doing. All they have to do is go into the source code to take out the pattern attribute, but for those who don't know, it will be fine.

For the PHP, you can use strip_tags(). Found here