Prohibit the posting of HTML in textarea form field
I have a text area where a user can define a post. This field should allow BBCODE but not HTML.
Currently HTML is allowed but it should not be.
How can I disallow HTML tags to be posted by the user?
There are two main choices here. You can either escape the HTML, so it's treated as plain text, or you can remove it. Either way is safe, but escaping is usually what users expect.
To escape, use htmlspecialchars() on the input, before you process the bbcode.
echo htmlspecialchars("<b>Hello [i]world![/i]</b>");
&lt;b&gt;Hello [i]world![/i]&lt;/b&gt;
To remove the HTML tags entirely, use strip_tags() instead:
echo strip_tags("<b>Hello [i]world![/i]</b>");
Hello [i]world![/i]
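The escape-then-parse order described in the answer above, as an added example that is not part of the original answers. The function name render_post(), the tag allowlist and the http(s)-only rule for [url=...] are assumptions made for illustration.

```php
<?php
// Added example: render a post that may contain BBCode but must never emit
// user-supplied HTML. render_post() and its allowlist are hypothetical names.

function render_post(string $raw): string
{
    // 1. Neutralise all HTML first. ENT_QUOTES also escapes ' and ", so the
    //    text stays inert if it later lands inside an attribute value.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Simple paired tags: only these names are ever turned into HTML.
    $simple = ['b' => 'strong', 'i' => 'em', 'u' => 'u'];
    foreach ($simple as $bb => $html) {
        $safe = preg_replace(
            '#\[' . $bb . '\](.*?)\[/' . $bb . '\]#is',
            "<$html>\$1</$html>",
            $safe
        );
    }

    // 3. [url=...] puts user data into an attribute: accept http(s) only,
    //    otherwise leave the BBCode in place as literal text.
    $safe = preg_replace_callback(
        '#\[url=(.*?)\](.*?)\[/url\]#is',
        function (array $m): string {
            $href = trim($m[1]); // already entity-escaped by step 1
            if (!preg_match('#^https?://#i', $href)) {
                return $m[0];
            }
            return '<a href="' . $href . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $safe
    );

    return nl2br($safe);
}

// Constructed sample input: raw HTML, valid BBCode, a rejected and an accepted URL.
$post = "<script>alert(1)</script> [b]bold[/b] "
      . "[url=javascript:alert(1)]bad[/url] [url=https://example.com/?a=1&b=2]ok[/url]";
echo render_post($post), "\n";
```

Because the whole string is escaped before any BBCode is expanded, the only angle brackets in the output are the ones the function itself writes.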
I think you should use strip_tags(); it will strip HTML tags and preserve the text but leave BBCode.