FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » BB type posting - is this secure?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: BB type posting - is this secure? [message #176398 is a reply to message #176391] Fri, 30 December 2011 15:01 Go to previous messageGo to previous message
Michael Joel is currently offline  Michael Joel
Messages: 42
Registered: October 2011
Karma:
Member
On Fri, 30 Dec 2011 10:59:46 +0100, "Álvaro G. Vicario"
<alvaro(dot)NOSPAMTHANX(at)demogracia(dot)com(dot)invalid> wrote:

> El 29/12/2011 23:45, Michael Joel escribió/wrote:
>> I am allowing posts to the page and wanted to see if this is secure.
>>
>> data from sql is placed in an array (say $MyArray):
>>
>> $MyArray["Post"] = nl2br(stripslashes($MyArray["Post"]));
>
> .......... SNIP ................


Sorry I did not make it clear.

stripslashes is used as it comes out of the db, addslashes are used as
it goes in (but as mention mysql_real_escape_string is to be used).

Someone else also claimed the strip_tags($MyString, "<br>");
will strip <br> - but it does not. Maybe it will <br /> but then just
change it to "<br><br />"

the right parameter is to provide exception tags.

Thanks for all the information-
Mike
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Help with script that retrieve remote files
Next Topic: Give me the names of some CRM php projects
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 23 01:52:17 GMT 2024

Total time taken to generate the page: 0.02925 seconds