MrCat Posted April 10, 2007

Hi. I have a site where people can post photos and also captions for the photos. I'm saving the captions in simple text files for including with the HTML. Of course, I don't want someone to put "<script>" in a caption input form, but what else should I filter out? Is it enough just to destroy all instances of "<"? I want to give people the freedom to include brackets and hyphens etc. if possible. Any ideas appreciated!

s0c0 Posted April 10, 2007

I would get rid of all < and >; that should do it. If you are posting these fields to a SQL query string you may want to block other stuff like DROP, SELECT, etc.
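
An added example, not part of either post above: instead of deleting characters, the caption can be stored as typed and HTML-encoded at the moment it is written into the page, which keeps brackets, ampersands and quotes visible as text. The function names, the 200-character limit, the `/photos/` path and the sample captions are assumptions made for illustration.

```php
<?php
// Added example; names, limit and paths are assumed, sample captions are constructed.

const CAPTION_MAX_CHARS = 200; // assumed limit

// Validate on input: reject what is not text, keep the characters users typed.
function clean_caption(string $raw): ?string
{
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;                                  // not valid UTF-8
    }
    // Collapse control characters (newlines included) into single spaces.
    $text = trim((string) preg_replace('/[\x00-\x1F\x7F]+/u', ' ', $raw));
    if ($text === '' || mb_strlen($text, 'UTF-8') > CAPTION_MAX_CHARS) {
        return null;
    }
    return $text;                                     // stored as typed, "<" and all
}

// Encode on output. ENT_QUOTES also encodes " and ', so the result is safe
// both as element text and inside a quoted attribute value.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_photo(string $photoId, string $captionFile): string
{
    $caption = (string) file_get_contents($captionFile);
    return '<figure><img src="/photos/' . rawurlencode($photoId) . '.jpg" alt="'
         . h($caption) . '"><figcaption>' . h($caption) . '</figcaption></figure>';
}

// Constructed sample captions.
$samples = [
    'Me & Bob <3 at the lake -- "best day"',
    'look <script> here',
    'sunset" data-x="1',  // no angle brackets, yet it would end an unencoded alt="..."
];
foreach ($samples as $i => $raw) {
    $file = sys_get_temp_dir() . "/caption_demo_$i.txt";
    file_put_contents($file, clean_caption($raw) ?? '');
    echo render_photo("demo$i", $file), "\n";
    unlink($file);
}
```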
This topic is now archived and is closed to further replies.