On 24/01/2008, Richard Lynch <ceo@xxxxxxxxx> wrote:> It is NOT safe from, say, XSS attack if $evilString contains an XSS> snippet and you re-display it on your site.>> In other words, you should still filter the INPUT somewhere; But you> are escaping the output to MySQL so that it is not going to execute> arbitrary SQL on your DB server.
After I pull the info out of the database, before it goes to thewebbrowser, it goes through this:
function clean_html ($dirty) { $dirty=strip_tags($dirty); $clean=htmlentities($dirty); return $clean;}
Dotan Cohen
http://what-is-what.comhttp://gibberish.co.ilא-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת;
A: Because it messes up the order in which people normally read text.Q: Why is top-posting such a bad thing?
