#1
PHP security

Hi all. I'm learning PHP purely as a hobby, but I intend to write scripts such as a guestbook and tagboard and a basic blog. The problem is, if someone enters some malicious code in their guestbook entry. I know it's possible to strip HTML tags out of the text in PHP, but is there anything more that can be done to eliminate someone trying to do such a thing? I imagine that it would involve regular expressions?

Obviously, BBcodes are the best technique for allowing people to format text in a guestbook, and I'm able to do a simple version using str_replace() which is great for converting [b] to <b> but not so good for say, anchor tags, where the content is variable. I would appreciate any help, pointers etc.

Many thanks

Dunc
#2
Hello Dunc,
There are 2 basic 'rules' you should always remember with user input data
__________________
J de Silva Learning Journal | GIDForums™ | GIDNetwork™ | GIDWebhosts™ | GIDSearch™
#3
Thanks

Thanks J. I'm currently writing a 'tag board' script as a starter and will use this code in that.
This is a very useful forum; keep up the good work
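The problem raised in the opening post, escaping a guestbook entry and then converting a small BBCode set that includes anchors with variable content, is sketched below as an added example; it is not code from this thread. The function name `render_entry`, the `[url=...]` tag syntax and the sample entry are assumptions, and it assumes PHP 7 or later.

```php
<?php
// Added example (not from the thread): render one guestbook entry.
// render_entry() and the [url=...] syntax are hypothetical names chosen here.

function render_entry(string $raw): string
{
    // 1. Escape first, so any HTML the visitor typed is displayed as text.
    $html = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Fixed tags: only complete [b]...[/b] and [i]...[/i] pairs are converted.
    $html = preg_replace('#\[b\](.*?)\[/b\]#is', '<b>$1</b>', $html);
    $html = preg_replace('#\[i\](.*?)\[/i\]#is', '<i>$1</i>', $html);

    // 3. Variable content: [url=ADDRESS]label[/url], which str_replace() cannot handle.
    $html = preg_replace_callback(
        '#\[url=([^\]\s]+)\](.*?)\[/url\]#is',
        function (array $m): string {
            // $m[1] is already HTML-escaped; decode it to inspect the real address.
            $url = htmlspecialchars_decode($m[1], ENT_QUOTES);
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));

            // Allow-list of schemes; anything else stays as inert escaped text.
            if (!in_array($scheme, ['http', 'https'], true)) {
                return $m[0];
            }
            // Emit the escaped form in the attribute so quotes cannot break out of it.
            return '<a href="' . $m[1] . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $html
    );

    // 4. Keep the visitor's line breaks.
    return nl2br($html);
}

// Constructed sample entry: one allowed link, one disallowed scheme, raw HTML.
$entry = "Nice site! [b]Bold[/b] and [url=http://example.com/?a=1&b=2]my page[/url]\n"
       . "[url=javascript:alert(1)]click[/url] <script>alert('x')</script>";

echo render_entry($entry), "\n";
```

Escaping before tag conversion means the only markup in the output is what the function itself emits; entries should still be stored raw and rendered this way at display time.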