I require users registering a password to use at least one special character. Passwords can be up to 20 characters long. When gathering password from POST, I think <> tags will be removed. Am I correct about that?
Also are there any special characters that could pose a security risk and should not be allowed? In other words could someone write code into the password input field and what characters would they use? Keep in mind the max length is 20 characters.
$password = trim(strip_tags($_POST['password']));