One way to get information from users is through the use of forms. When receiving input from users, you must be ready for visitors who will try to enter nonsense, bogus or fake values, either because they are not aware or out of malice. For example, if your form asks for a number, make sure the number -1 is not allowed. PHP has a very useful function you can use to keep submitted HTML tags from taking effect: htmlspecialchars() converts characters such as < and > into HTML entities, so tags are displayed as text instead of being interpreted by the browser. It is useful when you have forms in forums or guestbooks, for example; there are spammers who prey on these types of forms only to put malicious code into your pages.

One way to restrict HTML or JavaScript tags in PHP is to detect whether HTML tags are being entered. For example, if I input the following into a form: <a href="mydomain.com">bad link</a>, I could remove the markup from the submission with the following code:

CODE:
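// preg_replace() replaces ereg_replace(), which was removed in PHP 7; [^>]* stops at the first ">".
$input = preg_replace('/<[^>]*>/', '', $input);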


With the sample code above, you remove all the HTML, PHP or JavaScript tags that a malicious person may have entered.
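The three checks described on this page (rejecting a number such as -1, removing tags, and escaping with htmlspecialchars()) can be combined as in the following added example, which is not code from the original page. The function names, the form field names and the sample submission are assumptions constructed for illustration.

```php
<?php
// Added example: names and sample values below are constructed for illustration.

/**
 * Validate a numeric form field. Returns the integer, or null when the
 * value is not a whole number within [$min, $max] (so -1 is rejected).
 */
function validate_quantity($raw, int $min = 1, int $max = 1000): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

/** Remove anything that looks like a tag, using the pattern shown above. */
function strip_markup(string $input): string
{
    // preg_replace() returns null on a regex error; fall back to an empty string.
    return preg_replace('/<[^>]*>/', '', $input) ?? '';
}

/** Escape for HTML output so leftover <, >, & and quotes display as text. */
function escape_for_html(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed form submission standing in for $_POST.
$post = [
    'quantity' => '-1',
    'comment'  => 'Nice site <a href="mydomain.com">bad link</a> & "more" 3 < 5',
];

$quantity = validate_quantity($post['quantity']);
if ($quantity === null) {
    echo "quantity rejected\n";
}

// Stripping removes the complete tags but leaves the lone "<" in "3 < 5",
// which is why the result is still escaped before it is written to a page.
$stripped = strip_markup($post['comment']);
echo $stripped, "\n";
echo escape_for_html($stripped), "\n";

// Escaping alone, without stripping, shows the submitted tags as plain text.
echo escape_for_html($post['comment']), "\n";
```

Escaping at output time is the step that keeps submitted markup from being interpreted by the browser; the regex only tidies what gets stored or shown.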