Re: I need a fresh look at storing variables in MySQL

On Sun, 2010-03-14 at 12:25 +0100, Rene Veerman wrote:

> On Sun, Mar 14, 2010 at 12:24 PM, Rene Veerman <rene7705@xxxxxxxxx> wrote:
> >
> > I'd love to have a copy of whatever function you use to filter out bad
> > HTML/js/flash for use cases where users are allowed to enter html.
> > I'm aware of strip_tags() "allowed tags" param, but haven't got a good list
> > for it.
> >
> 
> oh, and even <img> tags can be used for cookie-stuffing on many browsers..
> 


Yes, and you call strip_tags() before the data goes to the browser for
display, not before it gets inserted into the database. Essentially, you
need to keep as much original information as possible.

Thanks,
Ash
http://www.ashleysheridan.co.uk
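
The ordering described in the reply above (keep the original in the database, filter when rendering), as an added example that is not part of the original thread. The table, column and function names and the sample comment are constructed for illustration, and an in-memory SQLite database via PDO stands in for MySQL so the script runs offline (assumes the pdo_sqlite extension is available).

```php
<?php
// Added example: store user input unmodified, filter only at output time.
// Assumption: pdo_sqlite is available; with MySQL only the DSN would change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample of user-submitted HTML.
$submitted = '<p>Hello <b style="font-size:40px">world</b></p>'
           . '<img src="https://example.invalid/pixel.gif">'
           . '<script>document.title = "x";</script>';

// 1. Insert the original bytes. The prepared statement deals with the SQL
//    context; no HTML filtering happens here, so nothing is lost.
$stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $submitted]);

// 2. Read it back exactly as submitted.
$raw = $pdo->query('SELECT body FROM comments WHERE id = 1')->fetchColumn();

// 3a. HTML display with a small allowlist. <img> and <script> are not on it,
//     so those tags are dropped (the text between <script> tags remains as
//     plain text). strip_tags() leaves attributes on allowed tags untouched,
//     so style/on* attributes still need an attribute-aware sanitizer.
function render_limited_html(string $raw): string
{
    return strip_tags($raw, '<p><b><i><em><strong>');
}

// 3b. Plain-text display (titles, attribute values): escape, do not strip.
function render_text(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo "stored:       ", $raw, PHP_EOL;
echo "limited html: ", render_limited_html($raw), PHP_EOL;
echo "plain text:   ", render_text($raw), PHP_EOL;
```

Because the stored row is untouched, the allowlist can be tightened or swapped for a stricter sanitizer later without re-collecting any data.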


