Reply to Re: Importing HTML

Your name:

Reply:


Posted by RJ on 06/06/06 22:51

"Littlefire" <albe@ambientatom.co.za> wrote >

> Probably the safest way to do this is to store the html/text files outside
> your web root and make them readable only by your web server process.
> However, in many cases such overcautious security paranoia is not
> necessary.
>
> Personally, I prefer storing html in the database. You insert the html
> after
> performing addslashes() on it, and when you want to display it, just do a
> stripslashes() before sending to the browser. It works great for me and
> allows me to easily edit things right out of my admin interface. You have
> to be careful here though. If your database gets compromised, someone can
> insert <?php ... ?> at arbitrary places and so gain access to much more
> than just the database, which could ruin your entire site or cause even
> more damage. Make sure that you guard against this by not performing any
> type of eval() on database-obtained html, or strip all PHP code with a
> regex replace before rendering.
>
Thanks, I'll give it a go.

RJ

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация