Posted on 2009-04-01
I have question concerning textarea,
I have a form on my web page.
When my users submit what they write, the message comes without any linebreak. There is no paragraph or breakline.
Why? I write to myself, I use paragraph, but mail comes without any <br> or <br/> <p> although I do not replace it with anything for SQL injection.
Because I do not insert the message to my tables itself.
I use a replace function for SQL injection, I check all the textfield except the message part because I do not insert it to my table.
Do you think textarea could be harmful for my website? if it could be how?