
htmlentities()

  • 29-01-2007 2:12pm
    #1
    Registered Users, Registered Users 2 Posts: 673 ✭✭✭


    Hi,

    I have been told to use the PHP function htmlentities() on my site where people can input text in a textfield for security reasons. I have the code as follows but it doesn't seem to be doing anything:

    $my_league_name = $_POST;
    $league_name = htmlentities($my_league_name);

    If I enter $my_league_name as <h1>hello</h1>, $league_name is still echoing as <h1>hello</h1>. Should this not be replacing the HTML tags?

    Thanks


Comments

  • Registered Users, Registered Users 2 Posts: 6,602 ✭✭✭daymobrew


    Maybe the browser is converting the items back to look like HTML.
    Write the returned string to a text file and see what it looks like.


  • Registered Users, Registered Users 2 Posts: 673 ✭✭✭Bananna man


    daymobrew wrote:
    Maybe the browser is converting the items back to look like HTML.
    Write the returned string to a text file and see what it looks like.

    Thanks, that's what was going on. When I view the info in my database it's being stored with the HTML converted.

    Are my scripts still open to people trying to redefine my variables if they try inputting new variables in the textfields?


  • Registered Users, Registered Users 2 Posts: 6,602 ✭✭✭daymobrew


    Are my scripts still open to people trying to redefine my variables if they try inputting new variables in the textfields?
    I don't understand your question.

    If possible, you should do a regular expression check on the entered data, to ensure that it matches the format you expect e.g. for an age request, ensure that you get reasonable numbers.
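
The behaviour discussed in this thread, as an added example that is not part of any poster's code: a regular-expression allow-list check on the submitted value, plus htmlentities() applied when the value is written into a page. The function names, the allowed character set, the length limits and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example. valid_league_name(), html_out(), the allowed characters and
// the 3-40 length limit are hypothetical choices, not taken from the thread.

// Allow-list check on input: letters, digits, spaces, apostrophes and hyphens.
function valid_league_name(string $name): bool
{
    return preg_match('/\A[\p{L}\p{N} \'\-]{3,40}\z/u', $name) === 1;
}

// Encode at output time so markup in the value is displayed as text
// instead of being parsed by the browser.
function html_out(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample submissions standing in for a single form field.
$samples = ["Sunday League", "<h1>hello</h1>", "O'Brien's 5-a-side"];

foreach ($samples as $raw) {
    $encoded = html_out($raw);

    printf("raw:     %s\n", $raw);
    printf("valid:   %s\n", valid_league_name($raw) ? 'yes' : 'no');

    // This is the text actually sent to the browser ("View source" shows it).
    printf("encoded: %s\n", $encoded);

    // A browser decodes the entities for display, so the rendered page shows
    // the original characters as plain text. That is why echoing the encoded
    // string can look as if htmlentities() did nothing.
    printf("shown:   %s\n\n", html_entity_decode($encoded, ENT_QUOTES, 'UTF-8'));
}
```

Run it from the command line with `php` to see the encoded string without a browser in between, which is the same effect as writing it to a text file.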

