gibigbig Posted July 6, 2010

I have recently downloaded FCKeditor, but that's just a client-side editor (a fancy textarea). I wish to prevent HTML and SQL injections from it. Is there a function that can clean the input before storing it in the database?

I have disabled the following abilities in the editor:

- adding links and anchors
- viewing HTML source
- adding plugins (Flash)
- adding forms and form elements

Also, I have these functions:

    // Keeps only the first line of the input: splits on CR, LF, their URL-encoded
    // forms (%0A, %0D) or their hex spellings (0x0A, 0x0D) and returns the part
    // before the first match.
    function Valid_Input($data) {
        list($data) = preg_split('/\r|\n|%0A|%0D|0x0A|0x0D/i', ltrim($data));
        return $data;
    }

    // Converts &, <, >, " and ' to their HTML entities.
    function clean($text) {
        $text = htmlspecialchars($text, ENT_QUOTES);
        return $text; // output clean text
    }

Will this be enough? If not, can you give me a function that will?

https://forums.phpfreaks.com/topic/206880-htmlsql-injection/
Mchl Posted July 6, 2010

What database are you using? For MySQL, mysql_real_escape_string is a must for securing against SQL injection (unless you're using prepared statements). For stripping unwanted HTML tags, use strip_tags.
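The two techniques the replies mention, put together as an added example (this is not code from the thread or from FCKeditor). It takes the prepared-statement route rather than mysql_real_escape_string, because the mysql_* extension was removed in PHP 7, and it replaces strip_tags with a DOM-based allow-list sanitiser, because strip_tags with an allowed-tags list keeps every attribute on the tags it keeps, so `<b onmouseover="...">` and `<a href="javascript:...">` pass straight through it. The original clean() (htmlspecialchars) is still the right tool for plain-text fields on output, but applied to editor output it would turn the formatting into visible `&lt;p&gt;` text, which is why rich text needs an allow-list instead. Assumptions: PHP 7.4 or later with the dom extension and PDO; the table `posts` and column `body` are invented for the illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original thread. Assumes PHP 7.4+ with the
// dom extension and PDO; the table `posts` and column `body` are invented.

// Elements the editor may produce, each with its permitted attributes. Any other
// element is unwrapped (its text survives, the tag does not); any other attribute
// is dropped, which is what removes onmouseover=, style=, and friends.
const ALLOWED_TAGS = [
    'p' => [], 'br' => [], 'b' => [], 'strong' => [], 'i' => [], 'em' => [],
    'u' => [], 'ul' => [], 'ol' => [], 'li' => [], 'blockquote' => [],
    'h2' => [], 'h3' => [],
    'a' => ['href'],
];

// Elements whose content must go too: unwrapping <script> would leave the
// script body behind as visible text, harmless but never wanted.
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed', 'form'];

function sanitizeHtml(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // editor output is rarely well-formed
    $doc->loadHTML('<?xml encoding="utf-8"?><body>' . $html . '</body>', LIBXML_HTML_NODEFDTD);
    libxml_use_internal_errors($prev);

    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    cleanChildren($body);

    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);         // re-serialises with proper escaping
    }
    return $out;
}

function cleanChildren(DOMNode $parent): void
{
    // Walk a snapshot: the live child list changes while we unwrap and remove.
    foreach (iterator_to_array($parent->childNodes, false) as $child) {
        if ($child instanceof DOMElement) {
            $tag = strtolower($child->tagName);
            if (in_array($tag, DROP_WITH_CONTENT, true)) {
                $parent->removeChild($child);
                continue;
            }
            cleanChildren($child);              // post-order: subtree is clean before $child is judged
            if (!isset(ALLOWED_TAGS[$tag])) {
                while ($child->firstChild !== null) {
                    $parent->insertBefore($child->firstChild, $child);   // unwrap
                }
                $parent->removeChild($child);
                continue;
            }
            foreach (iterator_to_array($child->attributes, false) as $attr) {
                $name = strtolower($attr->name);
                if (!in_array($name, ALLOWED_TAGS[$tag], true)
                    || ($name === 'href' && !isSafeUrl($attr->value))) {
                    $child->removeAttribute($attr->name);
                }
            }
        } elseif (!($child instanceof DOMText)) {
            $parent->removeChild($child);       // comments, CDATA, processing instructions
        }
    }
}

// Only http, https, mailto or scheme-less (relative) URLs may be linked. The DOM
// parser has already decoded entities, so "&#106;avascript:" arrives here as
// "javascript:"; control characters are stripped before the scheme check because
// browsers ignore them inside "java\tscript:".
function isSafeUrl(string $url): bool
{
    $probe = preg_replace('/[\x00-\x20]/', '', $url) ?? '';
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $probe, $m) === 1) {
        return in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true);
    }
    return true;
}

// Storage: the body travels as a bound parameter, never as part of the SQL text,
// so no escaping function is involved. Emulated prepares are switched off so the
// server itself does the binding. Call as, for example:
//   storePost(new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', $user, $pass), $_POST['body']);
function storePost(PDO $db, string $rawHtml): int
{
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => sanitizeHtml($rawHtml)]);
    return (int) $db->lastInsertId();
}

// Constructed sample of what a browser might submit through the editor.
$sample = '<p onmouseover="alert(1)">Hello <b>world</b></p>'
        . '<a href="java&#x09;script:alert(document.cookie)">click</a>'
        . '<div class="x">plain <em style="color:red">text</em></div>'
        . '<script>alert(2)</script>';

echo sanitizeHtml($sample), PHP_EOL;
// For comparison, strip_tags with an allowed-tags list keeps onmouseover, style and the javascript: href:
echo strip_tags($sample, '<p><b><a><em>'), PHP_EOL;
```

The sanitised HTML is stored once and rendered as-is; anything that is not rich text (usernames, titles) still goes through htmlspecialchars at output time, as the original clean() does. Doing the sanitising on the server matters because the editor's disabled buttons only constrain what a cooperating browser sends; the POST body can be anything.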
gibigbig Posted July 6, 2010 (Author)

I see, thank you. That should be enough security for my site for now.
This topic is now archived and is closed to further replies.