fixxxer Posted September 1, 2006
Hi, I've now finished my first site and I've turned my attention to security. I'm concerned: I have a lot of forms and I use FCKeditor, which creates HTML output. My concern is that in these forms someone can execute a PHP instruction that causes me problems. How do I prevent a malicious user doing damage to my site with a PHP instruction? Also, what damage could someone do within a text box? Thanks for any help that can be offered.

AndyB Posted September 1, 2006
http://www.fckeditor.net/demo/ If you try it, you'll see how it handles stuff like that.

fixxxer Posted September 1, 2006
Thanks for replying. I think I got my question wrong, sorry. I'm aware of what the post data comes out like; it was more a question in general about security. For example, I've got a text area on my form: how susceptible am I to an attack, and what information could someone get from my site if they had a text area to type into? I was also wondering if there's a way to filter out a statement such as <?php //code ?>. I'm not sure if I'm being paranoid about security but just want to protect my site. In the other forms I'm fine, I use strip_tags on all my one-line text inputs; just not sure what to do with the textarea and how to make it safe while still allowing HTML. Also, can JavaScript be entered into one of those boxes? Any help again would be appreciated.

AndyB Posted September 1, 2006
http://ca.php.net/manual/en/function.strip-tags.php - check the user notes and code snippets. There are a number of examples there for selectively stripping some stuff while leaving other stuff alone.

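An added example (not code from the thread or from the PHP manual notes linked above): it runs strip_tags() with an allow-list next to a DOM-based allow-list filter on constructed input, showing what each leaves behind. The tag lists, the function names render_node and sanitize_html, and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Tag lists and input are constructed.
// Submitted text is only data: PHP tags inside it run only if the application
// eval()s it, include()s it, or saves it into a file the server runs as PHP.
const ALLOWED_TAGS = ['p', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'br'];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

// Re-emit a parsed node as text: allowed tags only, never any attributes.
function render_node(DOMNode $node): string
{
    if ($node instanceof DOMText) {
        return htmlspecialchars($node->nodeValue, ENT_QUOTES, 'UTF-8');
    }
    if (!($node instanceof DOMElement)) {
        return ''; // comments and processing instructions are dropped
    }
    $tag = strtolower($node->nodeName);
    if (in_array($tag, DROP_WITH_CONTENT, true)) {
        return ''; // drop the element together with everything inside it
    }
    $inner = '';
    foreach ($node->childNodes as $child) {
        $inner .= render_node($child);
    }
    if (!in_array($tag, ALLOWED_TAGS, true)) {
        return $inner; // unknown tag: keep its text, lose the tag itself
    }
    return $tag === 'br' ? '<br>' : "<$tag>$inner</$tag>";
}

function sanitize_html(string $html): string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // silence parser warnings
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $body = $doc->getElementsByTagName('body')->item(0);
    return $body === null ? '' : render_node($body);
}

$input = '<p onmouseover="alert(1)">Hi <b>there</b></p><script>alert(2)</script>';

// strip_tags() with an allow-list keeps every attribute on the allowed tags
// and keeps the text that was inside the removed <script> element.
echo strip_tags($input, '<p><b>'), "\n";

// The DOM-based allow-list rebuilds the markup, so no attribute survives.
echo sanitize_html($input), "\n";
```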
fixxxer Posted September 1, 2006
Thanks for that, they are exactly what I'm looking for. Hate to be a pain, but just something I'm wondering: if I didn't use one of those functions (I am going to, lol), what would a person be able to do on my site? Would they be able to gain access to sensitive information etc., or could they only do pretty harmless things? This is just to satisfy my curiosity. Again, thanks for the help.