Re: BB type posting - is this secure? [message #176398 is a reply to message #176391]
Fri, 30 December 2011 15:01
Michael Joel
On Fri, 30 Dec 2011 10:59:46 +0100, "Álvaro G. Vicario"
<alvaro(dot)NOSPAMTHANX(at)demogracia(dot)com(dot)invalid> wrote:
> El 29/12/2011 23:45, Michael Joel escribió/wrote:
>> I am allowing posts to the page and wanted to see if this is secure.
>>
>> data from sql is placed in an array (say $MyArray):
>>
>> $MyArray["Post"] = nl2br(stripslashes($MyArray["Post"]));
>
> .......... SNIP ................
Sorry I did not make it clear.
stripslashes is used as it comes out of the db, addslashes is used as
it goes in (but as mentioned, mysql_real_escape_string is to be used).
Someone else also claimed that strip_tags($MyString, "<br>");
will strip <br> - but it does not. Maybe it will strip <br />, but then just
change it to "<br><br />".
The right parameter is to provide exception tags.
Thanks for all the information-
Mike
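
An added example, not part of the post above or of anyone's code in the thread: it puts the strip_tags() exception-tag form discussed above next to escaping the post on output. The sample post and both function names are constructed for illustration.

```php
<?php
// Constructed sample of a stored post (not data from the thread).
$stored = "Line one\nLine two <b>bold</b><br class=\"x\"><script>alert(1)</script>";

// Allow-list form from the post: the second argument to strip_tags() names
// the tags to KEEP. Attributes on kept tags are left untouched, and the text
// between removed tags (for example inside <script>) stays in the output.
function render_with_strip_tags(string $post): string
{
    return nl2br(strip_tags($post, "<br>"));
}

// Escape-on-output form: treat the whole post as plain text, then add the
// line breaks. nl2br() runs last so the <br /> tags it inserts are not escaped.
function render_escaped(string $post): string
{
    return nl2br(htmlspecialchars($post, ENT_QUOTES, "UTF-8"));
}

echo "strip_tags allow-list:\n", render_with_strip_tags($stored), "\n\n";
echo "escaped on output:\n", render_escaped($stored), "\n";
```

With the second form, any markup a user types is displayed as text, and the only HTML in the result is the line breaks added by nl2br().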