Current location: Hot Scripts Forums » Programming Languages » PHP » Stop CSS in a Database


Stop CSS in a Database

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 10-11-09, 04:05 PM
SniperTowers SniperTowers is offline
Wannabe Coder
  
Join Date: Dec 2008
Posts: 143
Thanks: 5
Thanked 0 Times in 0 Posts
Stop CSS in a Database
If someone adds css into a php form on my site, is it possible to stop that css from working?
Reply With Quote
  #2 (permalink)  
Old 10-11-09, 04:14 PM
captcha captcha is offline
Newbie Coder
  
Join Date: Jul 2009
Posts: 24
Thanks: 0
Thanked 1 Time in 1 Post
Not sure if thats what you`r looking for, but the thread in End Users signature is probably a good start to read (http://www.hotscripts.com/forums/lou...ly-simple.html)
Reply With Quote
  #3 (permalink)  
Old 10-11-09, 04:23 PM
SniperTowers SniperTowers is offline
Wannabe Coder
  
Join Date: Dec 2008
Posts: 143
Thanks: 5
Thanked 0 Times in 0 Posts
Basically, I have a form on my site which gets stored in a database. If someone types css in that form and I reurn it to a seperate page that css will effect the page. How do I stop css from returning in the results?
Reply With Quote
  #4 (permalink)  
Old 10-11-09, 08:15 PM
wirehopper's Avatar
wirehopper wirehopper is offline
-
  
Join Date: Feb 2006
Posts: 2,515
Thanks: 20
Thanked 109 Times in 106 Posts
I recommend End User's sanitize script. It's posted in the forum, probably under the above link.
Reply With Quote
  #5 (permalink)  
Old 10-11-09, 08:17 PM
ruteckycs's Avatar
ruteckycs ruteckycs is offline
Coding Addict
  
Join Date: Jul 2009
Posts: 377
Thanks: 6
Thanked 10 Times in 10 Posts
I think what captcha was saying is that CSS is the least of your worries. If your saving unclean data into a database I could type quarry's into your form and delete tables or all sorts of stuff. Or I could type JavaScript into your form a hijack your site / page... bad stuff can happen, much worse that changing the font size / color.

check out these:
http://www.hotscripts.com/forums/lou...ly-simple.html
PHP: htmlentities - Manual
PHP: Magic Quotes - Manual
PHP: strip_tags - Manual
MySQL Tutorial - SQL Injection
http://us.php.net/mysql_real_escape_string
__________________
This post was created with 100% recycled electrons.
Reply With Quote
Reply

Bookmarks

« getting: You have an error in your SQL syntax | Displaying data from mysql »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
dilemma: css or js navi, could use either, see pros/cons to both for my client LockedNLoaded CSS 1 04-02-09 05:41 PM
Filling out a registry form multiple times from an MySQL Database aeisecurity PHP 7 03-25-08 08:09 AM
Simple, searchable book database max fischer Script Requests 0 05-14-05 01:00 PM


All times are GMT -5. The time now is 08:00 AM.
vBulletin® Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.