zGrassman Posted October 11, 2007 Share Posted October 11, 2007 is strip_slashes() good enough to use to stop sql or php or html manipulation entered in to a html form post box? I understand there is still JS issues that i haven't looked into yet and url manipulation with mysql. Any short advise on those topics are appreciated but for now im just worried about html forms. Is killing slashes suffice? I know with a comma you can allow certain tags for certain situations. the form is username and password login and register for now, i havent used it anywhere else yet just so you have an idea what im working with. Link to comment https://forums.phpfreaks.com/topic/72865-solved-strip_slashes-and-html-form-security/ Share on other sites More sharing options...
littledragon Posted October 11, 2007 Share Posted October 11, 2007 Um, strip_slashes removes slashes, no? You mean magic_quotes? have a look at http://www.phpfreaks.com/forums/index.php/topic,159839.0.html and many other topics in this forum Link to comment https://forums.phpfreaks.com/topic/72865-solved-strip_slashes-and-html-form-security/#findComment-367464 Share on other sites More sharing options...
darkfreaks Posted October 12, 2007 Share Posted October 12, 2007 no gah *beats both of you* what you need is trim and strip_tags Link to comment https://forums.phpfreaks.com/topic/72865-solved-strip_slashes-and-html-form-security/#findComment-367543 Share on other sites More sharing options...
zGrassman Posted October 12, 2007 Author Share Posted October 12, 2007 that is what i ment...strip_tags...oops? that is what i ment from the beginning so ill ask my question again only this time correctly is strip_tags() good enough to use to stop sql or php or html manipulation entered in to a html form post box? My bad.... LOL Link to comment https://forums.phpfreaks.com/topic/72865-solved-strip_slashes-and-html-form-security/#findComment-367557 Share on other sites More sharing options...
sneamia Posted October 12, 2007 Share Posted October 12, 2007 htmlentities() mebbe? Link to comment https://forums.phpfreaks.com/topic/72865-solved-strip_slashes-and-html-form-security/#findComment-367558 Share on other sites More sharing options...
zGrassman Posted October 12, 2007 Author Share Posted October 12, 2007 htmlentities() mebbe? You know what? that is pretty cool...i checked on php.net what it was about and i like this one better. At least with this one if i was to log a page I could tell if someone was trying to put crazyness into my forms. while the other one would just strip it. Im sure i could assign a seperate var before i strip the tags and then store it in a text file or maybe break it somehow...so it wouldnt be dangerous. but would just using strip_tags() be suffice or would i still be open to attacks. i dont want a whole lot of string functions when there is no need..i understand its all based on what you want your form to do or process i just wanted a general idea. thanks for the info on that function tho i really like it Link to comment https://forums.phpfreaks.com/topic/72865-solved-strip_slashes-and-html-form-security/#findComment-367564 Share on other sites More sharing options...
sneamia Posted October 12, 2007 Share Posted October 12, 2007 foreach ($_REQUEST as $key => $value) { $_REQUEST[$key] = htmlentities($value); } This is what I have in the beginning of every page that has GET/POST variables pass through. Link to comment https://forums.phpfreaks.com/topic/72865-solved-strip_slashes-and-html-form-security/#findComment-367569 Share on other sites More sharing options...
kenrbnsn Posted October 12, 2007 Share Posted October 12, 2007 If you really want to know about PHP security, read the PHP Security Guide Ken Link to comment https://forums.phpfreaks.com/topic/72865-solved-strip_slashes-and-html-form-security/#findComment-367577 Share on other sites More sharing options...
zGrassman Posted October 12, 2007 Author Share Posted October 12, 2007 If you really want to know about PHP security, read the PHP Security Guide Ken OWNED lol pays to read i guess...ty = ) Link to comment https://forums.phpfreaks.com/topic/72865-solved-strip_slashes-and-html-form-security/#findComment-367604 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.