Hi all, I found this site while searching Google for my security questions. One of the biggest problems in web programming is security. There are lots of "to-do's", but sometimes we can miss the simple points.

I am working on a link manager project which will be usable by the public. I decided to implement the "limit the allowed characters" method for protection. For example, I am using

[code]
$string = eregi_replace('[^a-zA-Z0-9]','',$string);
return $string;
[/code]

for parsing and cleaning user inputs. But the problem is parsing and inserting the user-provided URLs into the db ... How should I handle user URLs? I am redirecting users with this frame setup:

[code]<frame name="main" src="<?=$url;?>" scrolling="auto">[/code]

Any ideas? Thanks
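One way to handle the URLs asked about above, shown as an added example that is not part of the original post: allowlist the scheme on input, store with a bound parameter, and escape for the attribute context when writing the frame tag. The function names, the `links` table and the in-memory SQLite database (which assumes the pdo_sqlite extension) are hypothetical.

```php
<?php
// Added example. Function names and the `links` table are hypothetical.

// Accept only absolute http(s) URLs; return null for anything else.
function clean_user_url(string $raw): ?string
{
    $url = trim($raw);
    // Reject empty, oversized, or values containing whitespace/control bytes.
    if ($url === '' || strlen($url) > 2048 || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    // Scheme allowlist: this is what keeps javascript:, data:, file: out of src="".
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Host limited to letters, digits, dots, hyphens; no user:pass@ prefix.
    if (!preg_match('/^[a-z0-9.-]+$/i', $p['host']) || isset($p['user']) || isset($p['pass'])) {
        return null;
    }
    return $url;
}

// Store with a bound parameter so the URL is never spliced into the SQL text.
function store_url(PDO $pdo, string $url): void
{
    $pdo->prepare('INSERT INTO links (url) VALUES (?)')->execute([$url]);
}

// Escape for the HTML attribute context at output time, not at input time.
function frame_tag(string $url): string
{
    return '<frame name="main" src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" scrolling="auto">';
}

// Constructed sample inputs.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE links (url TEXT NOT NULL)');
foreach (['http://example.com/?a=1&b="x"', 'javascript:void(0)', 'ftp://example.com/f', 'example.com'] as $in) {
    $url = clean_user_url($in);
    if ($url === null) { echo "rejected: $in\n"; continue; }
    store_url($pdo, $url);
    echo frame_tag($url), "\n";
}
```

The character-stripping filter from the post cannot be applied to URLs because it removes `:`, `/`, `?` and `&`; the accepted sample shows that a valid URL can still contain `&` and `"`, which is why the escaping step at output is needed in addition to validation.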