lostprophetpunk
Posted August 29, 2008

I am looking to find the best ways to protect my comment system from attacks. I have already got 'mysql_real_escape_string()' as one method. I have looked at 'strip_tags()' but that somehow lets me still do a link tag even though it is not in the allowed tags.

What other methods are there?

Note, I would like to have the use of <br> and <br /> to get line breaks. I have tried several methods for line breaks, and they have all failed.

webref.eu
Posted August 29, 2008

You can check a form field for certain characters that you want to disallow, e.g.

```php
// Do not allow @, < or > in ReviewDesc.
// strpos() returns 0 for a match at the first character, so compare against false.
if (strpos($ReviewDesc, '@') !== false
    || strpos($ReviewDesc, '<') !== false
    || strpos($ReviewDesc, '>') !== false) {
    $ErrorMsg = $ErrorMsg . "Your Review cannot contain any @, < or > characters, so please remove them.<br>";
    // PrepareForForm() is the poster's own helper and is not shown in this post.
    $ReviewDesc = PrepareForForm($ReviewDesc);
}
```

Full example at: http://www.webref.eu/php-script-disallow-characters-from-field.php

Hope that helps.

Rgds

DeanWhitehouse
Posted August 29, 2008

htmlentities(); Will stop all code
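
An added example, not part of any post above: one way to get the line breaks asked for in the first post while neutralising every other tag is to store the comment raw, escape it at output time, and only then apply nl2br(). The helper name render_comment() and the sample strings are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). render_comment() is a hypothetical helper.

/**
 * Turn a stored comment into HTML that is safe to place inside an element body.
 * The stored text stays raw; escaping happens when the comment is displayed.
 */
function render_comment(string $raw): string
{
    // Treat a typed <br> or <br /> as a plain line break before escaping,
    // so no user-supplied tag survives into the output.
    $text = preg_replace('~<br\s*/?>~i', "\n", $raw) ?? $raw;

    // Normalise line endings so nl2br() emits one <br /> per break.
    $text = str_replace(["\r\n", "\r"], "\n", $text);

    // Escape every HTML metacharacter, including both quote styles.
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // The only markup in the result is the <br /> that nl2br() inserts here.
    return nl2br($safe);
}

// Constructed sample input: a link tag, a typed <br />, and a real newline.
$comment = "Nice post <a href=\"http://example.com/\">click</a><br />second line\nthird line";
echo render_comment($comment), "\n";

// For comparison: strip_tags() with an allow-list removes the <a> tag but
// leaves attributes on the allowed <br> tag untouched, so an allow-list of
// tags alone does not make the result safe to display.
$tagged = '<br onmouseover="example()">hi<a href="#">x</a>';
echo strip_tags($tagged, '<br>'), "\n";
```

mysql_real_escape_string() addresses only the SQL side when the comment is stored; the escaping above is a separate step applied when it is shown.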