 Okay, we've been working on form submits with PHP and submitting stuff with HTML to PHP. But you need to be careful whenever you're allowing users to submit information to your site. Now, the example we've been doing just basically re-displays what they input back out to themselves, which can be dangerous in some cases if you're not careful. But in most cases, that's not a huge deal. Becomes a little more of a threat in my opinion when it's throwing something that other people are gonna view or just stuff that's gonna be stored on your site for later use. And here's an example. I mean, it can be useful in some ways. So we have our basic form here that does a post submit. We got entering the username and a phone number and we click submit and it says Chris's phone number is 555-5512. That's fine, but if the user was to input something like this, which is a basic, a very simple HTML tag, we'll make that a little bigger so you can see, of B for bold. When I submit, you can see, what did I do? That should be a forward slash submit. You can see that the name is bold. And of course, if I left off that tail one, it makes everything bold. So it looks a little more bold, I think, when I minimize it. That's why I made it a little bit smaller there. But here's another example. It can throw off the formatting of your site if they were to put in HTML tags for headers. So header one, header one, submit, and now it's throwing it off like that. And so if this is gonna be saved, maybe a database or something, and then later on displayed for other users, it could screw up the whole look of your website. So you may not want them to submit tags. They could also submit some malicious stuff that causes popups, alert boxes, redirects, or just links to sites that you may not want them to go to. So a simple way of fixing this is PHP has a built-in function for removing HTML tags. So let me go down here into my terminal here, and I'm going to use Vim once again. I'm going to edit the PHP file that we are submitting to. So post.php in this particular case. Once again, I'm using Vim as my text editor. Use whatever text that you're comfortable with. And right here you can see that we're using, we're saying set a variable of user and set equals whatever post and user is. And saying a new variable, phone, whatever the post submit of phone is. And in this case, user equals this with the HTML tags. You could one by one go and remove all of the HTML tags using strip, but you can very conveniently replace all of them in one simple command. So in this case, we're going to do post, but you do the same exact thing with get. You just change the word post to get. So we're going to say dollar sign underscore post. So we're setting post, which is an array, to whatever we're going to equal over here. So we're going to say dollar, sorry, array underscore map, whoops, map. And then in parentheses here and ending our command with a semicolon, we're going to say strip tags, comma, and then we're comma. And then we're going to give it the input of the array that already exists. So what we're doing here is, once again, we're going to create an array called post. Now there already is an array called post, which is the submitted information. Each variable is part of that array. What we're gonna do is we're gonna map that array and use the strip tags command and we're gonna strip it from the existing posts. So basically looking at this backwards, we're gonna say, okay, look at all the submitted posts. Strip those any HTML tags from there and then remap that array into this array, which is replacing the old array. So that's all we have to do. And from here on out, it's going to work the same except for all the HTML tags have already been stripped. So if I save that and submit this form again, you can see it no longer has that issue with the header tags screwing up the page or possible malicious HTML or maybe some JavaScript or something in there that could redirect pop-ups, that sort of stuff. So this is a good idea. Anytime you're doing a form submit, I usually do this as my first line, whether it's a post or get it. Once again, if it's a get submit, you're just gonna change this to be get and this to be get. And it's just replacing every variable with itself but without HTML tags. So that's it for this little tutorial. I hope you found that useful. Definitely very important thing to do. Another thing we're gonna be looking at soon is special HTML characters that can screw up your page. And there's a special command for that as well. So look forward to that tutorial. I hope you're enjoying these tutorials. Once again, always like, comment, subscribe so you don't miss anything. Be sure to check out this entire playlist if you haven't. Hopefully there's an annotation somewhere. And visit my site, filmsbychrist.com. That's Chris with a K. There should be a link in the description. You can search through my playlists and videos there. So once again, thank you for watching and I hope that you have a great day.