filburt1
23 Apr 2003, 17:42
To easily prevent HTML injection from HTML that happens to be in the results of a database query, do this:
Code:
---------------
Code is only visible to licensed users, and only when logged into the forums.
---------------
That goes through every single element from the fetch_array method and converts all HTML junk to their entities. Then, when you use "$bits[something]" in a template, the user won't be able to inject HTML at all.
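An added example of the approach the post describes, not the post's own code (which is not visible on this page): it escapes every string element of a fetched row before the row is used in a template. The function name `escape_row` and the sample `$row` are assumptions constructed for illustration.

```php
<?php
// Added example, not the original post's code.
// escape_row() is a hypothetical helper; $row is constructed sample data
// standing in for one result of a fetch_array() call.

function escape_row(array $row): array
{
    $out = [];
    foreach ($row as $key => $value) {
        if (is_array($value)) {
            // Nested arrays are escaped recursively.
            $out[$key] = escape_row($value);
        } elseif (is_string($value)) {
            // ENT_QUOTES escapes both " and ', which matters when the value
            // ends up inside a quoted HTML attribute.
            // ENT_SUBSTITUTE replaces invalid byte sequences instead of
            // returning an empty string.
            $out[$key] = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        } else {
            // Integers, floats, booleans and null pass through unchanged.
            $out[$key] = $value;
        }
    }
    return $out;
}

// Constructed sample row containing markup and a quote character.
$row = [
    'userid'    => 42,
    'username'  => '<b>admin</b>',
    'signature' => 'x" onmouseover="y',
    'homepage'  => null,
];

$bits = escape_row($row);

// Element context: the tags are shown as text, not interpreted.
echo "<span>$bits[username]</span>\n";
// Output: <span>&lt;b&gt;admin&lt;/b&gt;</span>

// Quoted attribute context: the embedded quote cannot close the attribute.
echo "<input value=\"$bits[signature]\">\n";
// Output: <input value="x&quot; onmouseover=&quot;y">
```

Entity escaping of this kind covers HTML element content and quoted attribute values; values placed in a URL, inside a `<script>` block or in an unquoted attribute need encoding suited to that context.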