lostprophetpunk Posted August 29, 2008

I am looking to find the best ways to protect my comment system from attacks. I have already got 'mysql_real_escape_string()' as one method. I have looked at 'strip_tags()' but that somehow lets me still do a link tag even though it is not in the allowed tags.

What other methods are there?

Note, I would like to have the use of <br> and <br /> to get line breaks. I have tried several methods for line breaks, and they have all failed.

webref.eu Posted August 29, 2008

You can check a form field for certain characters that you want to disallow, e.g.

    // Do not allow @, < or > in ReviewDesc.
    // strpos() returns 0 for a match at the first character, so compare
    // against false explicitly or a leading "<" slips through.
    if (strpos($ReviewDesc, '@') !== false
        || strpos($ReviewDesc, '<') !== false
        || strpos($ReviewDesc, '>') !== false) {
        $ErrorMsg = $ErrorMsg . "Your Review cannot contain any @, < or > characters, so please remove them.<br>";
        // PrepareForForm() is a helper that is not shown in this post.
        $ReviewDesc = PrepareForForm($ReviewDesc);
    }

Full example at: http://www.webref.eu/php-script-disallow-characters-from-field.php

Hope that helps.

Rgds

DeanWhitehouse Posted August 29, 2008

htmlentities();

Will stop all code
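
Added example (not code from any poster in this thread): one way to get the line breaks the original post asks for while rendering everything else as plain text, by encoding on output with htmlspecialchars() and then applying nl2br(). The function name render_comment() and the sample comments are constructed for illustration; SQL escaping on the way into the database is a separate step and does not make the text safe to print as HTML.

```php
<?php
// Added example: keep the comment as typed in storage, encode it when rendering.
// render_comment() and the sample inputs below are constructed for illustration.

function render_comment(string $raw): string
{
    // Normalise line endings so nl2br() sees a single "\n" per break.
    $text = str_replace(["\r\n", "\r"], "\n", $raw);

    // Treat a typed <br> or <br /> as a newline instead of letting any
    // markup through. Only the bare tag matches; a <br> carrying
    // attributes is left alone here and is encoded as text below.
    $text = preg_replace('~<br\s*/?>~i', "\n", $text);

    // Encode every HTML metacharacter, including both quote styles, so the
    // browser displays the text rather than parsing it as markup.
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Re-introduce line breaks as the only markup in the output.
    return nl2br($safe, false);
}

// Constructed inputs: typed line breaks, a link tag, a <br> carrying an
// attribute, and markup followed by a real newline.
$samples = [
    "First line<br>second line<br />third line",
    "Visit <a href=\"http://example.com/\">my site</a>",
    "<br onclick=\"x()\">hello",
    "<b>bold?</b>\r\nnext line",
];

foreach ($samples as $raw) {
    echo render_comment($raw), "\n---\n";
}

// For comparison: strip_tags() with <br> allowed does not remove attributes
// from the allowed tag, so it is not a substitute for output encoding.
echo strip_tags("<br onclick=\"x()\">hello", '<br>'), "\n";
```

Run it from the command line with `php` and read the raw output: the only tags that survive render_comment() are the `<br>` elements it inserts itself.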
Archived
This topic is now archived and is closed to further replies.