|
Posted by Archibald on 08/22/05 16:44
In article <ddttv3$2q3$1@ikaria.belnet.be>, timvw@users.sourceforge.net
says...
> I wouldn't name this a security issue but a mysql issue.
> Read http://www.php.net/mysql_real_escape_string and you will know how
> you can handle the "special" characters.
Thanks.
I have a problem with messages, because now all ' symbols are displayed
as /'. I also need to allow newlines in a message (automatic <BR> after
enter in the form) and disallow other tags like <a href>. What set of
functions is best for this task?
A new address if you want to check security
http://www.lords.gamessite.net/ I have put mysql_escape_string()
everywhere where user can modify database, anything else I should do?
--
Archibald
Navigation:
[Reply to this message]
|