Assistance with securing input
I have an input field table $url that gets a secure scrub before being posted to the DB, but some of the characters are being HTMLicized after the scrubbing so that any URL that goes in with an & comes out on the other end as & and basically breaking the link.
here is the function:
}
function Secure ($string){
return trim(mysql_real_escape_string(strip_tags(htmlentities($string))));
}
here is the call on the page where input is:
$url = $_POST["url"];
$url = Secure($url);
thanks for your time,
d
Subject
Written By
Posted
Assistance with securing input
May 02, 2011 02:37PM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.