zGrassman
-
Posts
8 -
Joined
-
Last visited
Never
Posts posted by zGrassman
-
-
OWNED lol
pays to read i guess...ty = )
-
htmlentities() mebbe?
You know what? that is pretty cool...i checked on php.net what it was about and i like this one better. At least with this one if i was to log a page I could tell if someone was trying to put crazyness into my forms. while the other one would just strip it.
Im sure i could assign a seperate var before i strip the tags and then store it in a text file or maybe break it somehow...so it wouldnt be dangerous. but would just using strip_tags() be suffice or would i still be open to attacks. i dont want a whole lot of string functions when there is no need..i understand its all based on what you want your form to do or process i just wanted a general idea. thanks for the info on that function tho i really like it
-
that is what i ment...strip_tags...oops? that is what i ment from the beginning
so ill ask my question again only this time correctly
is strip_tags() good enough to use to stop sql or php or html manipulation entered in to a html form post box?My bad.... LOL
-
is strip_slashes() good enough to use to stop sql or php or html manipulation entered in to a html form post box?
I understand there is still JS issues that i haven't looked into yet and url manipulation with mysql. Any short advise on those topics are appreciated but for now im just worried about html forms. Is killing slashes suffice? I know with a comma you can allow certain tags for certain situations.
the form is username and password login and register for now, i havent used it anywhere else yet just so you have an idea what im working with.
-
yea, im checking to see if the value is == to 1. im new at this stuff, so i guess i want to check if a user is signed in sorta speak. if they are then it shows stuff, if it isnt it shows something else. i changed the source to isset and it works fine. both work fine, i was just curious. so i guess it doesnt matter?
-
session_start(); if($_SESSION[loggedin]) { include('sidebar.php'); include('connect.php'); } else{ print "bla"; }
Or should i use
session_start(); if(isset($_SESSION[loggedin])) { include('sidebar.php'); include('connect.php'); } else{ print "bla"; }
or does it really matter
Calling data from MySQL
in PHP Coding Help
Posted
you are missing an open bracket at the start of your first if