FUDforum: comp.lang.php » BB type posting

Home » Imported messages » comp.lang.php » BB type posting - is this secure?

Show: Today's Messages :: Polls :: Message Navigator

Re: BB type posting - is this secure? [message #176384 is a reply to message #176383]

Thu, 29 December 2011 23:14

A
Messages: 17
Registered: June 2011

Karma:

Junior Member

"Michael Joel" <no(at)please(dot)com> wrote in message
news:ptqpf75jh2fra5qfu8jhum3bn4ug6r17ot(at)4ax(dot)com...
> I am allowing posts to the page and wanted to see if this is secure.

> data from sql is placed in an array (say $MyArray):
> $MyArray["Post"] = nl2br(stripslashes($MyArray["Post"]));
> $MyArray["Post"] = strip_tags($MyArray["Post"], "<BR>");
> I notice with this text like <script>alert("hi");</script> is rendered
> as literal so no script is actually recognised.

strip_tags($MyArray["Post"], "<BR>");
doesn't really help because it removes only <BR> tags and not other HTML
tags.

Use htmlspecialchars - it renders all HTML special characters to safe
variants for displaying.

And before inserting them into database use parametrized query to stop all
sql injection.
http://stackoverflow.com/questions/1299182/prepared-parameterized-query-wit h-pdo

Report message to a moderator

[Message index]

		BB type posting - is this secure? By: Michael Joel on Thu, 29 December 2011 22:45
		Re: BB type posting - is this secure? By: A on Thu, 29 December 2011 23:14
		Re: BB type posting - is this secure? By: Curtis Dyer on Thu, 29 December 2011 23:29
		Re: BB type posting - is this secure? By: Michael Joel on Fri, 30 December 2011 04:27
		Re: BB type posting - is this secure? By: Michael Joel on Fri, 30 December 2011 05:29
		Re: BB type posting - is this secure? By: Jerry Stuckle on Fri, 30 December 2011 10:59
		Re: BB type posting - is this secure? By: alvaro.NOSPAMTHANX on Fri, 30 December 2011 09:59
		Re: BB type posting - is this secure? By: Michael Joel on Fri, 30 December 2011 15:01
		Re: BB type posting - is this secure? By: Michael Fesser on Fri, 30 December 2011 18:14
		Re: BB type posting - is this secure? By: A on Fri, 30 December 2011 20:39
		Re: BB type posting - is this secure? By: M. Strobel on Sun, 01 January 2012 18:20
		Re: BB type posting - is this secure? By: Curtis Dyer on Wed, 04 January 2012 07:24

Previous Topic:	Help with script that retrieve remote files
Next Topic:	Give me the names of some CRM php projects

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Nov 22 21:33:20 GMT 2024

Total time taken to generate the page: 0.04465 seconds