On 24/01/2008, Richard Lynch <[EMAIL PROTECTED]> wrote:
> It is NOT safe from, say, XSS attack if $evilString contains an XSS
> snippet and you re-display it on your site.
>
> In other words, you should still filter the INPUT somewhere; But you
> are escaping the output to MySQL so that it is not going to execute
> arbitrary SQL on your DB server.
After I pull the info out of the database, before it goes to the
webbrowser, it goes through this:
function clean_html ($dirty) {
$dirty=strip_tags($dirty);
$clean=htmlentities($dirty);
return $clean;
}
Dotan Cohen
http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
