开发者

securely accepting html in mysql

开发者 https://www.devze.com 2023-01-23 04:40 出处：网络

I allow some HTML tags to be used in my form. Ho开发者_如何学JAVAw can ensure my database (mysql) is safe, when using php to insert this data into it?Use prepared statements to escape it for sql and h

相关专题：security

I allow some HTML tags to be used in my form. Ho开发者_如何学JAVAw can ensure my database (mysql) is safe, when using php to insert this data into it?

Use prepared statements to escape it for sql and htmlentities when outputting it to html.

What's the best method for sanitizing user input with PHP?

I'm not familiar with PHP, but there should be some helper functions that will help. Use prepared statements to prevent SQL injection attacks from working. That will prevent the first danger. The second is to sanitize the HTML to only allow the tags you deem safe. I.e. all tags and form tags should be removed, as well as tags that would ruin the layout of your site. You'll have to find the library method to do this.