Convert Data output
Let's pretend I take Userdata, and save it in a file or database (like a forum or shoubox).
How could I secure the script so that users can enter stuff like "<script>*</script>" and stuff, so that the browser displays it and does not run the script. I always used to use strip_tags to secure my scripts, but it removes the code and does not convert it in something that the browser displays.
Same with "<?php ?>" and similar (binary safe). I guess there needs something to be like an encoding?
Thx for your time reading this post :-)
If you're outputting HTML, use
Thx for the answer, will read up on htmlspecialchars().
|All times are GMT. The time now is 07:13 PM.|
Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0