List: General Discussion
From: Martin Gainty
Date: August 3 2008 2:22am
Subject: RE: Blocking HTML code in inserts?

I'm seeing this more and more
I'm hearing the justification that it's easier to put a pre-formatted anchor tag or href
but you're right
if html is stored in the DB then javascript can easily follow
of course the overseas contractors sticking in href to their own sites sure doesn't help

Glad to hear strip_tags.php has come to the rescue..

Martin

> Date: Sat, 2 Aug 2008 18:51:55 -0400
> From: swade12@stripped
> Subject: Re: Blocking HTML code in inserts?
> To: mysql@stripped
> 
> 
> assuming php from your sig strip_tags
> 
> http://www.php.net/manual/en/function.strip-tags.php
> 
> 
> shannon
> 
> 
> On Aug 2, 2008, at 5:16 PM, Skip Evans wrote:
> 
> > Hey all,
> >
> > What is the most effective way to block HTML code in insert  
> > statements?
> >
> > I have a client with a comments form that is being bombarded with  
> > people inserting references to their own sites, etc, and I need an  
> > effective way to filter basically any HTML tags at all.
> >
> > Thanks,
> > Skip
> > -- 
> > Skip Evans
> > Big Sky Penguin, LLC
> > 503 S Baldwin St, #1
> > Madison, WI 53703
> > 608-250-2720
> > http://bigskypenguin.com
> > =-=-=-=-=-=-=-=-=-=
> > Check out PHPenguin, a lightweight and versatile
> > PHP/MySQL, AJAX & DHTML development framework.
> > http://phpenguin.bigskypenguin.com/
> >
> > -- 
> > MySQL General Mailing List
> > For list archives: http://lists.mysql.com/mysql
> > To unsubscribe:    http://lists.mysql.com/mysql?unsub=1
> >
> 
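
The approach discussed in this thread, as an added example that is not code from any of the posters: tags are stripped before the INSERT, and the stored text is escaped again when rendered. The table and column names, the helper function names and the sample comments are constructed for illustration, and an in-memory SQLite database (assumes the pdo_sqlite extension) stands in for the MySQL table.

```php
<?php
// Filter applied before the INSERT.
function clean_comment(string $raw): string
{
    // strip_tags() removes the tags themselves; text between tags is kept.
    $text = strip_tags($raw);
    // Collapse whitespace left behind by the removed markup.
    return trim((string) preg_replace('/\s+/', ' ', $text));
}

// Escaping applied when a stored comment is written into a page.
function render_comment(string $stored): string
{
    // strip_tags() leaves characters such as quotes and '&' untouched, and
    // rows stored before the filter existed may still hold markup.
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

// In-memory SQLite stands in for the real comments table (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample submissions.
$samples = [
    'Nice post! <a href="http://example.com/">visit my site</a>',
    '<script>alert(1)</script>Thanks for the article',
    'Tom & Jerry said "hello"',
];

// The prepared statement keeps the comment text out of the SQL string.
$insert = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
foreach ($samples as $raw) {
    $insert->execute([':body' => clean_comment($raw)]);
}

// Print each stored comment the way it would be placed into HTML.
foreach ($db->query('SELECT body FROM comments') as $row) {
    echo render_comment($row['body']), PHP_EOL;
}
```

strip_tags() keeps the text inside the removed tags, and a URL typed as plain text passes through unchanged, so link spam without markup needs a separate filter.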
