Dragoon
Posted September 30, 2007

A project I'm working on involves allowing users to submit content (text/URLs, mainly) via form, which will be added to the same database as approved content (with an "unapproved" status). However, due to my relative ignorance with PHP, I'm hesitant to do this without more info regarding how to prevent abuse/exploitation of the system. Any suggestions?

rarebit
Posted September 30, 2007

All POST / GET / COOKIE data should be checked for validity, e.g. is it empty, are there any SQL injections (http://uk3.php.net/manual/en/function.mysql-real-escape-string.php), are there any characters that shouldn't be in there, is there code when there shouldn't be (e.g. HTML, BB, PHP, JavaScript, VBScript, etc.). You might also want to run checks against a list of banned words. There are examples of how to deal with each of these somewhere within this forum...
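
An added example, not part of the original posts: one way to apply the checks listed above to a text/URL submission that is stored with an "unapproved" status. It uses PDO prepared statements instead of the `mysql_real_escape_string` function linked in the reply (the `mysql_*` extension was removed in PHP 7). The table, column and function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Assumption: hypothetical table/column names; SQLite in memory stands in for
// MySQL so the example runs offline (with MySQL only the PDO DSN changes).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT NOT NULL,
    url TEXT NOT NULL, status TEXT NOT NULL DEFAULT 'unapproved')");

/** Returns a list of validation errors; an empty list means the input is acceptable. */
function validateSubmission(string $title, string $url): array
{
    $errors = [];
    if (trim($title) === '' || strlen($title) > 200) {
        $errors[] = 'title must be 1-200 bytes';
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $title)) {
        $errors[] = 'title contains control characters';
    }
    // FILTER_VALIDATE_URL does not restrict the scheme, so allow-list http/https.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (filter_var($url, FILTER_VALIDATE_URL) === false || !in_array($scheme, ['http', 'https'], true)) {
        $errors[] = 'url must be a valid http(s) URL';
    }
    return $errors;
}

function storeSubmission(PDO $pdo, string $title, string $url): int
{
    // Bound parameters keep user data out of the SQL text; status is set here, never by the form.
    $stmt = $pdo->prepare("INSERT INTO content (title, url, status) VALUES (:title, :url, 'unapproved')");
    $stmt->execute([':title' => trim($title), ':url' => $url]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input, standing in for $_POST values.
$samples = [
    ['PHP manual', 'https://www.php.net/manual/en/'],
    ["O'Reilly <b>books</b>", 'https://example.com/'],
    ['', 'javascript://example.com/'],
];
foreach ($samples as [$title, $url]) {
    $errors = validateSubmission($title, $url);
    echo ($errors === [] ? 'stored #' . storeSubmission($pdo, $title, $url) . ' as unapproved'
        : 'rejected: ' . implode('; ', $errors)), PHP_EOL;
}
// Stored text is data, not markup: escape it at the point where it is rendered.
foreach ($pdo->query('SELECT title, url FROM content') as $row) {
    echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), ' -> ',
        htmlspecialchars($row['url'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

The second sample is stored unchanged, quote and tags included, because it never becomes part of the SQL text; it is neutralised only when printed through `htmlspecialchars`.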