Remy Aquila

PHP safe output

When outputting user input I use this function:

// Escape user text for an HTML body context, convert newlines to <br>,
// then turn a small whitelist of BBCode tags back into real HTML.
function bbkoda($text) {
    // Escape &, <, > and " first, so anything the user typed is inert.
    // (Default flags: single quotes are left alone on PHP < 8.1, and no
    // charset is given, so the platform default is used.)
    $text = htmlspecialchars($text);
    // nl2br runs after escaping, so the <br /> it inserts is not escaped.
    $text = nl2br($text);

    // Patterns use ' as the regex delimiter; i = case-insensitive, s = dot
    // matches newlines. Non-greedy (.*?) stops at the first closing tag.
    $hitta = array(
        "'\[b](.*?)\[/b]'is",
        "'\[i](.*?)\[/i]'is"
    );

    // \\1 in a double-quoted string is \1, the first captured group.
    $byt = array(
        "<b>\\1</b>",
        "<i>\\1</i>"
    );

    $text = preg_replace($hitta, $byt, $text);

    return $text;
}

This is pretty safe, right? I sanitize everything I insert into the DB with mysql_real_escape_string and output it with htmlspecialchars. I'm a very doubtful person :P

Thanks

Upvotes: 0

Views: 6585

Answers (1)

merkuro

Reputation: 6177

There is already a quite good explanation on Stack Overflow on this topic. Basically, you definitely need to work on both your input and your output handling to get it really safe!

Upvotes: 1
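The answer says both sides need work but does not show what that looks like. The following is an added example, not code from the question or the answer: it replaces mysql_real_escape_string with a prepared statement on the input side, passes explicit flags and charset to htmlspecialchars on the output side, and demonstrates the one concrete gap in the original function, the unescaped single quote. The table name `posts`, the in-memory SQLite database and the sample strings are all constructed for the demo.

```php
<?php
// Added example, not the asker's or answerer's code. Assumes PHP >= 7.1
// with pdo_sqlite; the "posts" table and sample inputs are constructed.
declare(strict_types=1);

// Input side: a prepared statement. The value is bound, never spliced
// into the SQL text, so no escaping function is needed and none can be
// forgotten or applied with the wrong connection charset.
function storePost(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function loadPost(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Output side: escape for HTML with explicit flags and charset, then
// re-enable a whitelist of BBCode tags that carry no attributes.
function bbkodaSafe(string $text): string
{
    // ENT_QUOTES escapes ' as well as ", ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning "", and the charset is stated explicitly.
    $text = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    $text = nl2br($text);   // after escaping, so the inserted <br> survives

    $patterns     = ['/\[b\](.*?)\[\/b\]/is', '/\[i\](.*?)\[\/i\]/is'];
    $replacements = ['<b>$1</b>', '<i>$1</i>'];
    return preg_replace($patterns, $replacements, $text);
}

// --- demo with constructed data ---------------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

$samples = [
    "[b]bold[/b] and [i]italic[/i]",
    "<script>alert(1)</script>",
    "[b]unclosed tag stays literal",
    "line one\nline two",
    "Robert'); DROP TABLE posts;--",   // stored verbatim, harmless when bound
];

foreach ($samples as $s) {
    $id = storePost($db, $s);
    echo bbkodaSafe(loadPost($db, $id)), "\n";
}

// The original bbkoda() calls htmlspecialchars() with default flags. On
// PHP < 8.1 that is ENT_COMPAT, which leaves ' untouched, so the output is
// only safe inside the HTML body or a double-quoted attribute. In a
// single-quoted attribute the payload closes the value and adds an
// event handler; ENT_QUOTES keeps it a plain string.
$payload = "' onmouseover='alert(1)";
echo "<input value='" . htmlspecialchars($payload, ENT_COMPAT) . "'>\n";
echo "<input value='" . htmlspecialchars($payload, ENT_QUOTES) . "'>\n";
```

Run it with `php example.php`. The fourth sample shows why the BBCode pass is not an injection route: its tags are matched only as literal `[b]`/`[i]` pairs and replaced with fixed markup, so nothing the user typed reaches the generated tags. The last two lines are the check worth keeping in mind: escaping is context-specific, and a value that is safe between tags is not automatically safe inside an attribute, a `<script>` block or a URL.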
