Jump to content

Securing Input fields and use of BBcOde


nielcleo
 Share

Recommended Posts

I am not sure what type of php hack you are mentioning. i think you are looking for some sort of xss prevention..if it is so..You can use http://php.net/function.htmlspecialchars to prevent inputing malicious code

Link to comment
Share on other sites

html alone may not create any problems but javascript can (eg wth <script> tag)...other than that you may want to customise the use of html tags to visual formating ...where bbcode comes intoyou can avoid sql injection by using mysql_real_escape_string() and if you are using mysqli you can use prepared statement also.

Link to comment
Share on other sites

Most WYSIWYG editors generate HTML in the end anyway — it's best not to allow people to use HTML at all, and if formatting is necessary use another markup language like BBCode instead (as birbal says).

Link to comment
Share on other sites

Most WYSIWYG editors generate HTML in the end anyway — it's best not to allow people to use HTML at all, and if formatting is necessary use another markup language like BBCode instead (as birbal says).
how can i work it out for disabling the <script> tag and the BBCodes?im using WYSISYG on admin page only but for just incase i dont want to allow to attack my page so i need to ask some help with you guys about the securing the forms..
Link to comment
Share on other sites

Note that stripping tags isn't always the best idea, because people may want to enter HTML code for display purposes, such as is common on this forum. You can use other functions, such as htmlspecialchars(), to escape input instead, but then no formatting would be possible. That's why there are other systems, like BBCode.

Link to comment
Share on other sites

Note that stripping tags isn't always the best idea, because people may want to enter HTML code for display purposes, such as is common on this forum. You can use other functions, such as htmlspecialchars(), to escape input instead, but then no formatting would be possible. That's why there are other systems, like BBCode.
how can use bbcode rather using HTML tags?
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...