I am currently programming my website www.lupaw.ch and I stumbled upon a potential security problem.
I've made a login system for my admin account so I can edit the text of the website right while using it. For editing and adding new posts I've made some text fields so I can add a new title, text and date to the site. Theoretically no one else except me should even be able to use those edit buttons I've made, because they are only created while logged in.
It still bothers me, though, that if I edit the textarea and write HTML styling code in there, it actually gets interpreted as code. So if I write, for example, <h1 style="font-family: Arial"> text <h1>, it saves this on the MySQL server and then on the website the displayed text is actually shown in the font-family Arial. So is there a good way to make it impossible to write working code in a textarea, or in other words, is there a way for the textarea content to be treated as normal text without trying to find pieces of program code in there?
Something like a way that automatically puts a \ before everything that could be interpreted as code?
Thanks for taking time to answer me.
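The fix for the situation described in the question is to HTML-escape the stored text at the moment it is written into the page, not to add backslashes. Below is an added example (not code from the question's site); it assumes a server-side render step in Node, but the same idea applies to PHP's htmlspecialchars() or any template engine with auto-escaping.

```javascript
// Escape untrusted text on output so the browser renders it as literal
// characters instead of parsing it as HTML. The raw text stays unchanged in
// the database; escaping happens only when it is inserted into a page.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape the five characters that can change HTML structure or break out of
// an attribute value. Everything else is safe to leave as-is in element content.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a stored post for display. Every field that came from the form is
// escaped, including title and date, not only the body.
function renderPost(post) {
  return (
    '<article>' +
    `<h2>${escapeHtml(post.title)}</h2>` +
    `<time>${escapeHtml(post.date)}</time>` +
    `<p>${escapeHtml(post.body)}</p>` +
    '</article>'
  );
}

// The edit form must escape too: otherwise a stored "</textarea>" would close
// the textarea early when the post is loaded back for editing.
function renderEditForm(post) {
  return `<textarea name="body">${escapeHtml(post.body)}</textarea>`;
}

// Constructed sample (hypothetical post): the exact text typed in the question.
const samplePost = {
  title: 'Hello',
  date: '2024-01-01',
  body: '<h1 style="font-family: Arial"> text <h1>',
};

console.log(renderPost(samplePost));
console.log(renderEditForm(samplePost));
```

A backslash in front of characters (addslashes-style escaping) only matters inside SQL string literals and does nothing for HTML; use parameterized queries for the database and HTML escaping for output, as two separate steps.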