Tom10 Posted April 8, 2015 Share Posted April 8, 2015 Hi, ok so basically i have a forum and want to use a character class to detect if someone is trying to post a thread with a malicious title or message like xss, i have already used a regex in the url to filter characters $url = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . ''; if(preg_match("#[^\w\s\b\/\&\?\=\-\.\%\_\[\]]#", $url)) { include 'denied.php'; exit(); } But i'm wondering how can i do something like this for a page? if that makes sense All help very much appreciated, i'm not the best at explaining so if something doesn't make sense please ask and i will try to explain in more detail Quote Link to comment Share on other sites More sharing options...
Solution Psycho Posted April 8, 2015 Solution Share Posted April 8, 2015 You should definitely NOT use RegEx for this. All you need is to use the existing function htmlspecialchars() whenever outputting user defined content to the page. You should also use the ENT_QUOTES flag when using it. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.