开发者

securely accepting html in mysql

I allow some HTML tags to be used in my form. Ho开发者_如何学JAVAw can ensure my database (mysql) is safe, when using php to insert this data into it?


Use prepared statements to escape it for sql and htmlentities when outputting it to html.

What's the best method for sanitizing user input with PHP?


I'm not familiar with PHP, but there should be some helper functions that will help. Use prepared statements to prevent SQL injection attacks from working. That will prevent the first danger. The second is to sanitize the HTML to only allow the tags you deem safe. I.e. all tags and form tags should be removed, as well as tags that would ruin the layout of your site. You'll have to find the library method to do this.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜