MFA, posted February 13, 2015:

Could someone please give me advice or redirect me to helpful information on how to safely insert hyperlinks into a MySQL table by members/users of my site. I am particularly concerned about security. Many thanks.
MFA (author), posted February 13, 2015:

At the minute, I'm using prepared statements for safely inserting the link and specialchars function when outputting it. Have I missed anything?
Psycho, posted February 13, 2015:

To safely store any value in the database you just need to ensure the value is properly escaped. Prepared statements are the best way to do that. However, you also need to make sure that outputting those values to the page is done safely. Normally, you would escape the content for output to an HTML page so none of it is interpreted as HTML. E.g. convert "<b>" to "&lt;b&gt;". That can be done with htmlspecialchars() and htmlentities().

But, if you want these to be actual hyperlinks, that won't work. You will want some way to escape HTML code, but then to convert any hyperlinks in the code to actual hyperlinks in the output. This should be done by parsing the links in the raw data and dynamically creating hyperlinks. This way you can add some filtering to the process to prevent potentially dangerous content in the hyperlink. But, you can't prevent someone from adding a hyperlink to a malicious site.
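One way to implement the output step described in the reply above, as an added example that is not part of the original thread: the stored text is escaped piece by piece, and only well-formed http(s) URLs become anchors. The function name `render_with_links`, the `rel` values and the sample string are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: escape user text for HTML, linking only http(s) URLs.
function render_with_links(string $raw): string
{
    $esc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Split the raw (unescaped) text into URL candidates and everything else.
    // The capture group makes preg_split() return the URLs as odd-indexed parts.
    $parts = preg_split('~(\bhttps?://[^\s<>"\']+)~i', $raw, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        return $esc($raw);            // regex failure: fall back to plain escaping
    }

    $out = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 0) {           // plain text: never interpreted as HTML
            $out .= $esc($part);
            continue;
        }
        // Trailing punctuation belongs to the sentence, not to the URL.
        $url   = rtrim($part, '.,;:!?)');
        $trail = substr($part, strlen($url));

        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        $host   = parse_url($url, PHP_URL_HOST);
        if (!in_array($scheme, ['http', 'https'], true) || !is_string($host) || $host === '') {
            $out .= $esc($part);      // not a well-formed http(s) URL: show as text
            continue;
        }
        // Escape the URL for the attribute and for the link text separately.
        $out .= '<a href="' . $esc($url) . '" rel="nofollow noopener noreferrer ugc">'
              . $esc($url) . '</a>' . $esc($trail);
    }
    return $out;
}

// Constructed sample input, as it would come back from the database.
$stored = 'See https://example.com/a?x=1&y=2. <script>alert(1)</script> '
        . 'javascript:alert(1) http://example.org/"onmouseover="x';
echo render_with_links($stored), "\n";
```

Only the two http(s) URLs in the sample become anchors; the markup, the `javascript:` text and the quote-delimited tail are emitted as escaped text.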