TalkPHP - View Single Post

Sakakuchi · 02-08-2009, 06:56 AM

Hi!

Let's pretend I take Userdata, and save it in a file or database (like a forum or shoubox).
How could I secure the script so that users can enter stuff like "<script>*</script>" and stuff, so that the browser displays it and does not run the script. I always used to use strip_tags to secure my scripts, but it removes the code and does not convert it in something that the browser displays.

Same with "<?php ?>" and similar (binary safe). I guess there needs something to be like an encoding?

Thx for your time reading this post

Greetz
Sakakuchi

02-08-2009, 06:56 AM	#1 (permalink)
Sakakuchi The Contributor Join Date: Feb 2009 Posts: 64 Thanks: 1	Convert Data output Hi! Let's pretend I take Userdata, and save it in a file or database (like a forum or shoubox). How could I secure the script so that users can enter stuff like "<script>*</script>" and stuff, so that the browser displays it and does not run the script. I always used to use strip_tags to secure my scripts, but it removes the code and does not convert it in something that the browser displays. Same with "<?php ?>" and similar (binary safe). I guess there needs something to be like an encoding? Thx for your time reading this post Greetz Sakakuchi __________________ 抒情編程 My ultra secret tool for answering questions I do not know the answer to. :-P