
Wednesday 21 August 2013

PHP - Make chat on own server "safe"

(Deutsche Version) Realising a chat with PHP is not difficult. After a short time one notices that this chat also renders HTML contained in the messages (e.g. images). That is a serious security issue: since every message is shown to all participants, anyone can insert HTML and JavaScript that then runs in the other users' browsers (cross-site scripting), for example to read their session cookies or send messages in their name. Injected HTML does not, however, let an attacker run PHP or anything else on the server; the message text is only ever output, never executed as code there.

To prevent injected markup from being interpreted, escape the message before displaying it: every character with a special meaning in HTML is replaced by its entity, so < becomes &lt;, > becomes &gt;, & becomes &amp; and quotes become &quot; and &#039;. Replacing only the < symbol with $chatMessage = str_replace("<", "&lt;", $chatMessage); covers the simplest case (an attacker who can already place text inside an attribute needs no < at all), so use the function PHP provides for exactly this purpose: $chatMessage = htmlspecialchars($chatMessage, ENT_QUOTES, 'UTF-8');. The browser then shows the message as plain text and no HTML or JavaScript in it is executed. If you want to allow a few tags (image, link), do not try to detect "harmless" HTML and leave its < unescaped: an <img> tag with an onerror attribute is still an image tag and still runs script. Instead escape everything and then translate your own markup (for example [img]URL[/img]) into fixed HTML whose URL you have validated.
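The following is an added example, not code from the original post: it escapes a chat message with htmlspecialchars() and then allows exactly two pieces of BBCode-style markup (an image and a link) by rewriting them into fixed HTML after validating the URL. The function names (escape_chat_message, safe_url, render_chat_message) and the sample messages are illustrative assumptions.

```php
<?php
// Added example (not part of the original post). Function names are illustrative.
declare(strict_types=1);

/**
 * Escape every HTML metacharacter so the browser renders the message as text.
 * ENT_QUOTES also escapes ' and ", which str_replace("<", "&lt;", ...) leaves alone.
 */
function escape_chat_message(string $message): string
{
    return htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Accept only http(s) URLs; javascript:, data: and other schemes are rejected.
 * Returns the URL if acceptable, null otherwise.
 */
function safe_url(string $url): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/**
 * Render a message: the whole text is escaped first, then [img]URL[/img] and
 * [url=URL]text[/url] are translated into fixed HTML. The URL is validated and
 * re-escaped for the attribute; the link text stays escaped. User-supplied HTML
 * never reaches the output.
 */
function render_chat_message(string $message): string
{
    $html = escape_chat_message($message);

    $html = preg_replace_callback(
        '~\[img\](.+?)\[/img\]~i',
        function (array $m): string {
            // $m[1] is already escaped; decode it to validate the raw URL
            $url = safe_url(html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8'));
            if ($url === null) {
                return $m[0]; // not acceptable: leave the escaped text as it is
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
        },
        $html
    );

    $html = preg_replace_callback(
        '~\[url=(.+?)\](.+?)\[/url\]~i',
        function (array $m): string {
            $url = safe_url(html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8'));
            if ($url === null) {
                return $m[0];
            }
            return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
                 . '" rel="nofollow noopener noreferrer">' . $m[2] . '</a>';
        },
        $html
    );

    return $html;
}

// Constructed sample messages (not real chat data)
$samples = [
    'hello <b>world</b>',
    '<script>alert(document.cookie)</script>',
    '<img src=x onerror="alert(1)">',
    '[img]https://example.org/cat.png[/img]',
    '[img]javascript:alert(1)[/img]',
    '[url=https://example.org]"><script>x</script>[/url]',
];
foreach ($samples as $s) {
    echo render_chat_message($s), "\n";
}
```

The order matters: escaping runs first over the complete message, so the only HTML in the result is the two fixed templates, and the only attacker-controlled values that reach them have passed safe_url() and been escaped again for the attribute context. The third sample shows why the post's original idea of leaving a recognised image tag unescaped does not work: the tag is an image, but its onerror attribute is script.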
