On Wednesday, 28 June 2017 at 19:21:35 UTC, Vladimir Panteleev wrote:
> On Wednesday, 28 June 2017 at 19:14:19 UTC, aberba wrote:
>> I'm already using prepared statements thoroughly. strip_tags() has its own uses beside making it safe for db storage.
>
> Nothing to do with DB storage! XSS and SQL injections are two very distinct classes of vulnerabilities.
>
> Please read this ASAP: https://en.wikipedia.org/wiki/Cross-site_scripting

Ha ha. I will strip out <script> tags in the regex. It's better to get rid of tags where not needed for clients other than a browser. Please criticize the stripTags() implementation.
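
The distinction drawn in this exchange, as an added example that is not part of the thread or any poster's code: a parameterized INSERT stores markup unchanged, and encoding at output time is what makes it inert in a browser. The use of Python's sqlite3 and html modules, the sample strings, and `naive_strip_tags` (a hypothetical regex stripper, not the stripTags() under discussion) are assumptions.

```python
import html
import re
import sqlite3

# Constructed sample inputs (not taken from the thread).
COMMENT = "<script>alert(1)</script>Nice post & thanks"
PLAIN = "a < b and c > d"  # legitimate text that merely contains angle brackets


def store_and_load(text):
    """Round-trip text through a parameterized INSERT and return what was stored."""
    db = sqlite3.connect(":memory:")
    try:
        db.execute("CREATE TABLE comments (body TEXT)")
        # The placeholder keeps the value out of the SQL grammar: no SQL injection.
        db.execute("INSERT INTO comments (body) VALUES (?)", (text,))
        (body,) = db.execute("SELECT body FROM comments").fetchone()
        return body
    finally:
        db.close()


def render_comment(body):
    """Encode at output time for an HTML element or quoted-attribute context."""
    return '<p class="comment">' + html.escape(body, quote=True) + "</p>"


def naive_strip_tags(text):
    """Hypothetical regex stripper; an assumption, not the thread's stripTags()."""
    return re.sub(r"<[^>]*>", "", text)


if __name__ == "__main__":
    stored = store_and_load(COMMENT)
    print("stored verbatim:", stored == COMMENT)       # markup survives the DB layer
    print("rendered:", render_comment(stored))         # inert text in the browser
    print("stripped:", repr(naive_strip_tags(PLAIN)))  # legitimate text is mangled
    print("escaped: ", html.escape(PLAIN))             # same text, preserved
```

The escaping here fits HTML element and quoted-attribute contexts only; values placed in URLs, inline scripts or CSS need the encoder for that context.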
