Can somebody share their clean classes with me? I have quite a few things I need validating, and right now it's just at mysql_real_escape_string; it needs to process HTML though. That's the only drawback, thanks!
Uhh, forget that, apparently this WYSIWYG editor is absolutely stupid. Just use this:
http://pastebin.com/m2d7e3fd9
ty much
The link Dan posted will work just fine but could you not/wouldn't it be wise to use that in conjunction with some other string replace queries (eg. SELECT FROM, UPDATE, DELETE, etc.)?
Test the divs.
Who the heck are you? Oh Ivake, ok.
What about mysql_real_escape_string and htmlentities and all that jazz?
You can use mysql_real_escape_string, but I advise against it.
htmlentities has nothing to do with HTML injection. That changes ^&$&U^& and all those symbols to their HTML version.
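An added example, not code from any poster in this thread or from the linked pastebin: a small "clean" layer that binds values through prepared statements instead of escaping or stripping SQL keywords, and encodes for HTML only at output time. The class names `Clean` and `CommentStore`, the `comments` table and the sample comment are hypothetical and constructed for illustration; it assumes PHP 7.4+ with the pdo_sqlite extension.

```php
<?php
// Added example: constructed data, in-memory SQLite through PDO.
declare(strict_types=1);

final class Clean
{
    /** Encode text for an HTML body or a quoted attribute value. */
    public static function html(string $s): string
    {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

final class CommentStore
{
    private PDO $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
        $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->db->exec('CREATE TABLE IF NOT EXISTS comments
                         (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
    }

    /** Values are bound as parameters, so quotes and SQL words stay plain data. */
    public function add(string $author, string $body): void
    {
        $stmt = $this->db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
        $stmt->execute([':author' => $author, ':body' => $body]);
    }

    public function byAuthor(string $author): array
    {
        $stmt = $this->db->prepare('SELECT author, body FROM comments WHERE author = :author');
        $stmt->execute([':author' => $author]);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Constructed input: an apostrophe, SQL keywords and markup in ordinary text.
$store = new CommentStore(new PDO('sqlite::memory:'));
$store->add("O'Reilly", 'Please DELETE my old post & <b>UPDATE</b> the title.');

foreach ($store->byAuthor("O'Reilly") as $row) {
    // Stored text is unmodified; encoding happens only when it is written into HTML.
    echo '<p>', Clean::html($row['author']), ': ', Clean::html($row['body']), "</p>\n";
}
```

Where submitted markup has to render, as with the WYSIWYG editor mentioned above, the output-encoding step is replaced by an allow-list HTML sanitizer such as HTML Purifier.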