[PHP] sanitizing get vars

2005-06-02 Thread Sebastian
what is a safe way to clean a post/get before echoing it. example. input form, user enters some text, hits enter. .. next page i echo what they entered. right now i just run the variables passed by htmlentities() which preserves any html. is that acceptable? -- PHP General Mailing List

Re: [PHP] sanitizing get vars

2005-06-02 Thread Greg Donald
On 6/2/05, Sebastian wrote: what is a safe way to clean a post/get before echoing it. example. input form, user enters some text, hits enter. set_magic_quotes_runtime( 0 ); if( get_magic_quotes_gpc() == 0 ) { $_GET= isset( $_GET )? array_map( 'slashes', $_GET )

Re: [PHP] sanitizing get vars

2005-06-02 Thread GamblerZG
set_magic_quotes_runtime( 0 ); This is for database, not for showing data in browser. For browser you need to kill all unknown tags and all unknown properties of known tags. Afterwards, you need to prepend http:// to any urls that have unknown protocols. Alternatively, you can make sure that

Re: [PHP] sanitizing get vars

2005-06-02 Thread Chris Shiflett
Sebastian wrote: what is a safe way to clean a post/get before echoing it. There are two steps that you're lumping into one. Sanitizing and cleaning are informal terms for filtering, and this is an inspection process where you inspect data to be sure that it's valid. You should do this with

Re: [PHP] sanitizing get vars

2005-06-02 Thread Marek Kilimajer
Sebastian wrote: what is a safe way to clean a post/get before echoing it. example. input form, user enters some text, hits enter. .. next page i echo what they entered. right now i just run the variables passed by htmlentities() which preserves any html. is that acceptable? You might also