Re: [PHP] Script feedback: insert string into another string
On Wed, May 2, 2007 6:36 pm, Micky Hulse wrote:
1. wordwrap() is a little different than the function I wrote because
it
counts characters only... I need to count words. I am sure wordwrap
could be modified to count words, but I have yet to really explore
this
option.
Counting words is almost always a Bad Idea, since you may have users
who use big fat words (University professors and Market-speak) and you
have have texters who, like, don't even use words...
u c ? i mean?
:-v
2. Brad S. posted some information about cookies and my script, but
did
not really explain what he was talking about... I just read your post
about what those cookies are, and it makes things a bit more clear
(thanks!), but what was Brad getting at? I want good security, and it
sounded like Brad was saying he could access cookies through my form?
I
am not very familiar with XSS attacks, but that sounded like what Brad
was getting at... So my first thought was this:
I thought striptags() would take care of such problems [XSS
attack]...
but it sounds like I need to filter my [input] strings [via form] with
htmlentities... no?
striptags will attempt to remove any HTML tags.
This avoids most XSS attacks, as the attack is buried in an HTML tag.
You could probably *still* manage to take some kind of user input, and
output some kind of HTML that would have an XSS attack...
But you'd have to work pretty hard at it...
You generally want to call striptags() on the data as it comes in, if
you are not allowing HTML input. And possibly raise an error if the
original input and the striptags() result don't match, as the user
probably *thought* you were going to accept HTML input...
Or, don't do striptags at all, and, instead...
htmlentities takes text that is about to go to the browser, and makes
it browser-safe to display that text as text, and not as HTML.
It converts any special characters that have meaning to a browser
into their HTML equivalent entities that will render the symbol that
looks like the original text, rather than tell the browser to render
something else entirely.
You generally want to call htmlentities() right before you send *any*
data to the browser:
$text = Some big long block o' text that you have stored in your
DB.;
$url = http://example.com/var=; . urlencode('nasty ugly value, eh?');
$text_html = htmlentities($text);
$url_html = htmlentities($url);
echo p$text/p\n;
echo a href=\$url_html\$url_html/a\n;
It may seem odd at first, but, really, *ANY* data you send to the
browser as data should have htmlentities() called on it.
The only exception would be if you have data that already has HTML
tags buried in it -- and that's almost always a Bad Idea in the first
place, as it gets really tricky to be sure that you aren't sending out
very broken HTML and XSS-infected HTML and ... An exception might be
if you generate static HTML and cache that, using the techniques above
to create the static HTML in the first place.
--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Hi Richard, thanks again for the detailed reply, I really appreciate you
help.
Richard Lynch wrote:
Counting words is almost always a Bad Idea, since you may have users
who use big fat words (University professors and Market-speak) and you
have have texters who, like, don't even use words...
u c ? i mean?
:-v
LOL! Yah, I c ? u mean! :)
Good point. I hope the only person using this form will be me and a few
others (will be posting it in a secure location)... Basically I wanted a
good way to insert template tags for pagination links (done via my CMS)
at specific word counts... Mostly doing this to get well-balanced pages
for SEO purposes -- Also, it is hard as heck to visualize well-balanced
page breaks.
But you'd have to work pretty hard at it...
Ahh, very interesting. :)
You generally want to call striptags() on the data as it comes in, if
you are not allowing HTML input. And possibly raise an error if the
original input and the striptags() result don't match, as the user
probably *thought* you were going to accept HTML input...
Oh, kinda reminds me of filtering the comments of a Contact Form... I
have used strip tags on the textareas and then compared the strings...
This worked well, but I bet most folks do not think they can use HTML
when it comes to a comment form (except spammers)... Thanks for pointing
this out. :)
Or, don't do striptags at all, and, instead...
snip
$text = Some big long block o' text that you have stored in your
DB.;
$url = http://example.com/var=; . urlencode('nasty ugly value, eh?');
$text_html = htmlentities($text);
$url_html = htmlentities($url);
echo p$text/p\n;
echo a href=\$url_html\$url_html/a\n;
Sweet! Thanks for the example and the great explanation!
It may seem odd at first, but, really, *ANY* data you send to the
browser as data should have htmlentities() called on it.
That sounds good to me.
The only exception would be if you have data that already has HTML
tags buried in it -- and that's almost always a Bad Idea in the first
place, as it gets really tricky to be sure that you aren't sending out
very broken HTML and XSS-infected HTML and ... An exception might be
if you generate static HTML and cache that, using the techniques above
to create the static HTML in the first place.
Ahhh, very interesting thought... Many thanks for the detailed reply
Richard, it has been extremely helpful to me. :)
I owe you and Tijnema a beer!
Have a great day/night!
Cheers,
Micky
--
Wishlists: http://snipurl.com/1gqpj
Switch: http://browsehappy.com/
BCC?: http://snipurl.com/w6f8
My: http://del.icio.us/mhulse
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
I owe you and Tijnema a beer! Have a great day/night! Cheers, Micky I'm sorry, you have to wait another 9 months, because only than i can legally drink a beer :) (than i will be 16 :) ) Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Script feedback: insert string into another string
On Sat, April 28, 2007 5:10 pm, Brad Sumrall wrote: But! I am now noticing that the main page provides cookies called _utma _utmb _utmc _utmz Hmmm Actually, they each have an extra underscore on front, I think. __utma etc. These are from some non-PHP session/cookie management setup, I believe. Google analytics will cause that, as you are hitting Google's tracking. Likewise many other popular plug-in HTML/JavaScript stuff like banner advertisements, inktome, akami, etc. I'm not quite sure which goofy system needs FOUR friggin' cookies with a, b, c, and z after __utm, but it's sure annoying as hell to those of use who don't accept cookies willy-nilly... I pretty much stop visiting any site that needs to set more than 1 cookie, as I assume its developers haven't got a clue what they are doing, and therefore I don't want to give them any personal information, as I don't trust them. I let the __utma crowd slide, as I know it's some big-time everybody-use-it mess, but I'm still less likely to give any substantive input to such a site. Call me paranoid. PS Still haven't figured out why you want to report me to PayPal as a fraud when I don't sell anything through PayPal... :-v -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
On Sat, April 28, 2007 5:31 pm, Micky Hulse wrote: Brad Sumrall wrote: But! I am now noticing that the main page provides cookies called _utma _utmb _utmc _utmz Hmmm Wha? Never thought of that. It looks like wordwrap() may not be what I am looking for (though, still researching)... Either way, I am curious to hear what you would do to make this script more secure? Allowing cookies sounds like a security hole... Any suggestions for beefing-up my security would be spectacular! :) I can GUARANTEE that PHP's wordwrap did NOT issue those cookies. :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Hey Richard! Thanks for the reply. I was hoping someone would re-visit my questions. Richard Lynch wrote: I can GUARANTEE that PHP's wordwrap did NOT issue those cookies. Oh, for sure. I understand that. I guess what I was trying to say/ask was this: 1. wordwrap() is a little different than the function I wrote because it counts characters only... I need to count words. I am sure wordwrap could be modified to count words, but I have yet to really explore this option. 2. Brad S. posted some information about cookies and my script, but did not really explain what he was talking about... I just read your post about what those cookies are, and it makes things a bit more clear (thanks!), but what was Brad getting at? I want good security, and it sounded like Brad was saying he could access cookies through my form? I am not very familiar with XSS attacks, but that sounded like what Brad was getting at... So my first thought was this: I thought striptags() would take care of such problems [XSS attack]... but it sounds like I need to filter my [input] strings [via form] with htmlentities... no? Lol, I hope I am not confusing you or anyone else. :D Thanks again for you help! I really appreciate it. Have a great day and/or night. Cheers! Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Hi Richard! Thanks again for your help on this one. ;) Richard Lynch wrote: These are from some non-PHP session/cookie management setup, I believe. Ahhh, very interesting! Thanks for the clarification. :) Call me paranoid. Better that than spammed! :D PS Still haven't figured out why you want to report me to PayPal as a fraud when I don't sell anything through PayPal... :-v Not me. I got your back though! Have a great day/night, cheers, Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
On 4/28/07, Micky Hulse [EMAIL PROTECTED] wrote:
Hi,
I pieced-together a script that will insert a string into another string
at a set interval of words... See here:
http://www.ambiguism.com/sandbox/truncate/truncate.php
[Click the view source link to view source.] :D
Basically, I need a setup a page where my client can paste an article,
automate the insertion of a template tag (in this case: {page_break})
and then copy/paste into the blog/cms. My goal for this script was to
make it easy for the CMS to create word-balanced pages.
Long story short, I got what I think will be an acceptable script... but
I would love to get feedback. What do you think? What can I improve?
What am I doing wrong?
The script does not need to be super-robust, but would love to hear what
the PHP gurus have to say. ;)
Many thanks in advance!
Cheers,
Micky
Nice idea, but it seems that it isn't working correctly. I did this example:
?php
for($x = 0; $x 100; $x++) { $string .= abc; }
echo break_up($string, 10, ||);
?
With your break_up function. It results this:
abc abc abc abc abc abc abc abc abc abc
||abc abc abc abc abc abc abc abc abc
||abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc
||abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc
abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc
abc abc abc abc abc
||abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc
While i expected this:
abc abc abc abc abc abc abc abc abc abc
||abc abc abc abc abc abc abc abc abc abc
||abc abc abc abc abc abc abc abc abc abc
||abc abc abc abc abc abc abc abc abc abc
||abc abc abc abc abc abc abc abc abc abc
||abc abc abc abc abc abc abc abc abc abc
||abc abc abc abc abc abc abc abc abc abc
||abc abc abc abc abc abc abc abc abc abc
||abc abc abc abc abc abc abc abc abc abc
||abc abc abc abc abc abc abc abc abc abc
And i found where the problem is, it is this line:
$num += $num; // Set next number flag to look for.
This works only for one time, but after that, it doubles whole time,
so in above example, $num would go like this:
10
20
40
80
So to fix, replace this part of the code:
for($i=0; $i count($array); $i++) {
# For every string in the array, we make one more test to
assure it is a word.
# We assume that are words only strings that contain at least
a letter character (we will not count commas for example).
# Checks for existence of letter characters, including the
special characters and increments the number of words if found.
if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', $array[$i])) {
if($words == $num) {
$hldr[$up++]; // $num flag met, add one to $hldr array.
$num += $num; // Set next number flag to look for.
} else {
$hldr[$up] .= $array[$i].' '; // $num flag not met
yet, insert a space.
}
$words++;
}
}
with this:
$look = $num
for($i=0; $i count($array); $i++) {
# For every string in the array, we make one more test to
assure it is a word.
# We assume that are words only strings that contain at least
a letter character (we will not count commas for example).
# Checks for existence of letter characters, including the
special characters and increments the number of words if found.
if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', $array[$i])) {
if($words == $look) {
$hldr[$up++]; // $num flag met, add one to $hldr array.
$look += $num; // Set next number flag to look for.
} else {
$hldr[$up] .= $array[$i].' '; // $num flag not met
yet, insert a space.
}
$words++;
}
}
That's it.
Tijnema
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Tijnema! Thanks for the quick reply! I really really really appreciate
the help. :D
Tijnema ! wrote:
Nice idea, but it seems that it isn't working correctly. I did this
example:
?php
for($x = 0; $x 100; $x++) { $string .= abc; }
echo break_up($string, 10, ||);
?
With your break_up function. It results this:
...snip...
While i expected this:
.../snip...
Ahh! Great way to test this!
I thought I noticed a problem, but did not put two-and-two together due
to the huge string I was using... The way you simplified things really
made that error clear. Thanks for the help on this! :)
And i found where the problem is, it is this line:
$num += $num; // Set next number flag to look for.
This works only for one time, but after that, it doubles whole time,
so in above example, $num would go like this:
10
20
40
80
Doh! Great catch! I should have printed that var out... Hehe, I am such
a noob!
So to fix, replace this part of the code:
...snip...
with this:
...snip...
That's it.
Woot! Looks good to me. I moved the script to a new location with a more
fitting name:
http://www.ambiguism.com/sandbox/insert/insert.php
Your test code is at bottom of that page. ;)
Nice, I am stoked! Thanks again for the help, I owe you one. :D
Have a great day/night,
Cheers,
Micky
--
Wishlists: http://snipurl.com/1gqpj
Switch: http://browsehappy.com/
BCC?: http://snipurl.com/w6f8
My: http://del.icio.us/mhulse
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Just FYI, I did some slight upgrades/updates to the code... Seems to be working pretty good now. :) http://www.ambiguism.com/sandbox/insert/insert.php Thanks again Tijnema! Cheers, Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
On 4/28/07, Micky Hulse [EMAIL PROTECTED] wrote:
Just FYI, I did some slight upgrades/updates to the code... Seems to be
working pretty good now. :)
http://www.ambiguism.com/sandbox/insert/insert.php
Thanks again Tijnema!
Cheers,
Micky
I think i found another problem in your script, when i set the word
count to 2, with your example test, at some point there is this:
(separator = || )
||Vestibulum urna.
h6Test
||header/h6
Nam egestas
||rhoncus nisl.
This occurs because you count a word starting with not as a word,
but since there's no space between and Test, Test isn't recognized
as a word either.
So you should want to use strip_tags on every word, but only on inside
the eregi function. So like this:
if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', $array[$i])) {
becomes:
if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', strip_tags($array[$i]))) {
That would fix it :)
Tijnema
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Tijnema! You rock! Another great catch. :)
Tijnema ! wrote:
...snip...
the eregi function. So like this:
if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', $array[$i])) {
becomes:
if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', strip_tags($array[$i]))) {
That would fix it :)
Just updated the code. (Hehe, tis hard to catch those zzZZzz's when my
mind is thinking in code.)
http://www.ambiguism.com/sandbox/insert/insert.phps
Has anyone told you that you are a very good beta tester! :D
I hope I did it right... Looks like I may still be having the same
problems (word count = 2, and separator = | |:
| |Vestibulum urna.
h6Test
| |header/h6
Nam egestas
| |rhoncus nisl.
Hmmm, going to stare at this code for a bit... Many thanks again for
your help -- it really helps having that second pair of eyes.
I will post again if I significantly update the code. ;)
Thanks Tijnema! I really appreciate your time, help, and expertise.
Cheers,
Micky
--
Wishlists: http://snipurl.com/1gqpj
Switch: http://browsehappy.com/
BCC?: http://snipurl.com/w6f8
My: http://del.icio.us/mhulse
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
On 4/28/07, Micky Hulse [EMAIL PROTECTED] wrote:
Tijnema! You rock! Another great catch. :)
Tijnema ! wrote:
...snip...
the eregi function. So like this:
if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', $array[$i])) {
becomes:
if(eregi('[0-9A-Za-zÀ-ÖØ-öø-ÿ]', strip_tags($array[$i]))) {
That would fix it :)
Just updated the code. (Hehe, tis hard to catch those zzZZzz's when my
mind is thinking in code.)
http://www.ambiguism.com/sandbox/insert/insert.phps
Has anyone told you that you are a very good beta tester! :D
I hope I did it right... Looks like I may still be having the same
problems (word count = 2, and separator = | |:
| |Vestibulum urna.
h6Test
| |header/h6
Nam egestas
| |rhoncus nisl.
Hmmm, going to stare at this code for a bit... Many thanks again for
your help -- it really helps having that second pair of eyes.
I will post again if I significantly update the code. ;)
Thanks Tijnema! I really appreciate your time, help, and expertise.
Cheers,
Micky
Well, i found another thing, it's not really a bug, but you're using
eregi, which is a case insensitive function, and you're trying to find
a match for A-Z (ABCD...XYZ) and a-z (abcd...xyz), but they are both
the same, because you're using an case insensitive function. So you
could simplify your code a little bit to remove the double things.
Didn't find anymore bugs yet, maybe later... if i find one i'll let you know :)
Tijnema
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Without reading source, it sounds like you've just re-invented this:
http://php.net/wordwrap
:-)
On Sat, April 28, 2007 12:32 am, Micky Hulse wrote:
Hi,
I pieced-together a script that will insert a string into another
string
at a set interval of words... See here:
http://www.ambiguism.com/sandbox/truncate/truncate.php
[Click the view source link to view source.] :D
Basically, I need a setup a page where my client can paste an article,
automate the insertion of a template tag (in this case: {page_break})
and then copy/paste into the blog/cms. My goal for this script was to
make it easy for the CMS to create word-balanced pages.
Long story short, I got what I think will be an acceptable script...
but
I would love to get feedback. What do you think? What can I improve?
What am I doing wrong?
The script does not need to be super-robust, but would love to hear
what
the PHP gurus have to say. ;)
Many thanks in advance!
Cheers,
Micky
--
Wishlists: http://snipurl.com/1gqpj
Switch: http://browsehappy.com/
BCC?: http://snipurl.com/w6f8
My: http://del.icio.us/mhulse
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Tijnema ! wrote: Didn't find anymore bugs yet, maybe later... if i find one i'll let you know :) Thanks again Tijnema! I just read the not from Richard Looks like I might have wasted your time on this one. :( I just woke up... going to test wordwrap() You know, I saw that in the manual a day or so ago, and it sounded like what I needed, but all the examples talked about how it breaks long words -- not what I needed... But now I see that there is a way to easily turn that feature on/off! Shux. I have a feeling that, with the help of Tijnema, I just re-invented wheel. I will be back shortly with a test page. :D Thanks, Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Script feedback: insert string into another string
But!
I am now noticing that the main page provides cookies called
_utma
_utmb
_utmc
_utmz
Hmmm
Brad
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 28, 2007 3:48 PM
To: [EMAIL PROTECTED]
Cc: php php
Subject: Re: [PHP] Script feedback: insert string into another string
Without reading source, it sounds like you've just re-invented this:
http://php.net/wordwrap
:-)
On Sat, April 28, 2007 12:32 am, Micky Hulse wrote:
Hi,
I pieced-together a script that will insert a string into another
string
at a set interval of words... See here:
http://www.ambiguism.com/sandbox/truncate/truncate.php
[Click the view source link to view source.] :D
Basically, I need a setup a page where my client can paste an article,
automate the insertion of a template tag (in this case: {page_break})
and then copy/paste into the blog/cms. My goal for this script was to
make it easy for the CMS to create word-balanced pages.
Long story short, I got what I think will be an acceptable script...
but
I would love to get feedback. What do you think? What can I improve?
What am I doing wrong?
The script does not need to be super-robust, but would love to hear
what
the PHP gurus have to say. ;)
Many thanks in advance!
Cheers,
Micky
--
Wishlists: http://snipurl.com/1gqpj
Switch: http://browsehappy.com/
BCC?: http://snipurl.com/w6f8
My: http://del.icio.us/mhulse
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Micky Hulse wrote: Shux. I have a feeling that, with the help of Tijnema, I just re-invented wheel. Wait! wordwrap() default behaviour is to count characters, not words. wordwrap — Wraps a string to a given number of characters using a string break character I think that is why I initially avoided this function... but reading through the manual comments now. BBS. THanks, M -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Brad Sumrall wrote: But! I am now noticing that the main page provides cookies called _utma _utmb _utmc _utmz Hmmm Wha? Never thought of that. It looks like wordwrap() may not be what I am looking for (though, still researching)... Either way, I am curious to hear what you would do to make this script more secure? Allowing cookies sounds like a security hole... Any suggestions for beefing-up my security would be spectacular! :) Thanks, M -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Script feedback: insert string into another string
Micky Hulse wrote: Allowing cookies sounds like a security hole... Any suggestions for beefing-up my security would be spectacular! :) Ahhh, would that have anything to do with XSS? http://www.php.net/manual/en/function.htmlentities.php I thought striptags() would take care of such problems... but it sounds like I need to filter my strings with htmlentities... no? Thanks again for the help Brad and all, I really appreciate everyones help and guidance... This is for a pro-bono job, so I am trying to use every opportunity to try an learn new things (pro-bono means more freedom.) Have a great day all! Cheers, Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
