Security concern with Gii code

I have this gii generated crud page of user creation and when I put the below code in first name field

<script type="text/javascript">window.location ='';</script>

the record is processed without any error but there is no record inserted in the table and when I open the index page it redirects to



I want to prevent users from entering such data as I wish to setup a demo for the project and didn’t want users entering such data.

Also I want to know how can I make my buttons url safe from any unwanted redirecting to different websites.

any help is much appreciated,