TalkPHP


Sakakuchi 02-08-2009 06:56 AM

Convert Data output
 
Hi!

Let's pretend I take user data, and save it in a file or database (like a forum or shoutbox).
How could I secure the script so that users can enter stuff like "<script>*</script>" and stuff, so that the browser displays it and does not run the script. I always used to use strip_tags to secure my scripts, but it removes the code and does not convert it in something that the browser displays.

Same with "<?php ?>" and similar (binary safe). I guess there needs to be something like an encoding?

Thx for your time reading this post :-)

Greetz
Sakakuchi

Salathe 02-08-2009 10:26 AM

If you're outputting HTML, use htmlspecialchars() to encode ampersands (&), angled brackets (<>) and (optionally) single/double (' ") quotation marks.
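
The difference between strip_tags() and htmlspecialchars() on the kind of input the question describes, as an added example that is not part of the original thread. The sample entries and the e() and render_shout() helpers are constructed for illustration.

```php
<?php
// Added example: entries and helper names are constructed for illustration.
// Store user input unchanged; encode it at the moment it is written into HTML.
$entries = [
    ['author' => 'guest',  'message' => '<script>alert(1)</script>'],
    ['author' => 'guest',  'message' => '<?php echo "hi"; ?>'],
    ['author' => "o'neil", 'message' => 'Tom & Jerry said "2 < 5"'],
];

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES encodes both " and ' (before PHP 8.1 the default flag,
    // ENT_COMPAT, left single quotes alone). ENT_SUBSTITUTE replaces invalid
    // UTF-8 with U+FFFD instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer for one shoutbox line; the author also appears in a
// single-quoted attribute, which is where the quote flag matters.
function render_shout(array $entry): string
{
    return "<li title='posted by " . e($entry['author']) . "'>"
         . '<b>' . e($entry['author']) . ':</b> '
         . e($entry['message']) . '</li>';
}

foreach ($entries as $entry) {
    // strip_tags() deletes markup, so the visitor never sees what was typed.
    echo 'strip_tags: ', strip_tags($entry['message']), "\n";
    // Encoding keeps every character; the browser displays it as text.
    // PHP never executes a string it echoes, so "<?php ?>" in stored data
    // needs nothing beyond the same HTML encoding.
    echo 'encoded:    ', render_shout($entry), "\n\n";
}
```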

Sakakuchi 02-08-2009 02:26 PM

Thx for the answer, will read up on htmlspecialchars().


All times are GMT.
