Re: [PHP] XSS Preventing.

2009-06-23 Thread Caner Bulut
Michael, It can be useful for me. It seems there will be not any charset problem occurs. Thanks for help. Caner. 2009/6/23 Michael A. Peters > Caner BULUT wrote: > >> Hi Guys, >> >> >> I have a question if you have any knowledge about this please let me know. >> >> >> I am getting data from a for

Re: [PHP] XSS Preventing.

2009-06-22 Thread Michael A. Peters
Caner BULUT wrote: Hi Guys, I have a question if you have any knowledge about this please let me know. I am getting data from a form with POST method like following. $x = htmlentities($_POST['y']); . After getting all form data I save them into DB, I used mysql_real_escape_strin

[PHP] XSS Preventing.

2009-06-22 Thread Caner BULUT
Hi Guys, I have a question if you have any knowledge about this please let me know. I am getting data from a form with POST method like following. $x = htmlentities($_POST['y']); . After getting all form data I save them into DB, I used mysql_real_escape_string. I have a page wh

Re: [PHP] xss filter

2008-09-08 Thread mike
On Mon, Sep 8, 2008 at 5:27 AM, Eric Butera <[EMAIL PROTECTED]> wrote: > http://htmlpurifier.org/ +1 vote for htmlpurifier

Re: [PHP] xss filter

2008-09-08 Thread Bipin Upadhyay
IMHO, the obvious choice (for PHP) should be HTML Purifier by Edward Yang. Link: http://htmlpurifier.org/ --Bipin Upadhyay. On Mon, Sep 8, 2008 at 5:46 PM, Emil Edeholt <[EMAIL PROTECTED]> wrote: > Hello, > > Do you know of any good ways to filter out javascript from html code? I've > seen this c

Re: [PHP] xss filter

2008-09-08 Thread Eric Butera
On Mon, Sep 8, 2008 at 8:16 AM, Emil Edeholt <[EMAIL PROTECTED]> wrote: > Hello, > > Do you know of any good ways to filter out javascript from html code? I've > seen this code http://kallahar.com/smallprojects/php_xss_filter_function.php > but I found some old discussions about it saying that it w

[PHP] xss filter

2008-09-08 Thread Emil Edeholt
Hello, Do you know of any good ways to filter out javascript from html code? I've seen this code http://kallahar.com/smallprojects/php_xss_filter_function.php but I found some old discussions about it saying that it wasn't really secure. There must be some safe way to filter out xss without

Re: [PHP] XSS

2007-12-26 Thread Casey
On Dec 26, 2007 12:03 PM, Mad Unix <[EMAIL PROTECTED]> wrote: > Am facing problem with XSS cross Site scripting general on our web site, and > i think its a coding issue > since our dedicated server run Linux with apache mysql and php... > any recommendation to resolve this issue > > -- > madunix >

Re: [PHP] XSS

2007-12-26 Thread Robert Cummings
On Wed, 2007-12-26 at 21:08 +0100, Børge Holen wrote: > On Wednesday 26 December 2007 21:03:40 Mad Unix wrote: > > Am facing problem with XSS cross Site scripting general on our web site, and > > i think its a coding issue > > since our dedicated server run Linux with apache mysql and php... > > any

Re: [PHP] XSS

2007-12-26 Thread Rahul S. Johari
On Wednesday 26 December 2007 21:03:40 Mad Unix wrote: Am facing problem with XSS cross Site scripting general on our web site, and i think its a coding issue since our dedicated server run Linux with apache mysql and php... any recommendation to resolve this issue Sure! --- Rahul Sitaram Jo

Re: [PHP] XSS

2007-12-26 Thread Børge Holen
On Wednesday 26 December 2007 21:03:40 Mad Unix wrote: > Am facing problem with XSS cross Site scripting general on our web site, and > i think its a coding issue > since our dedicated server run Linux with apache mysql and php... > any recommendation to resolve this issue yes! you feel s

[PHP] XSS

2007-12-26 Thread Mad Unix
Am facing problem with XSS cross Site scripting general on our web site, and i think its a coding issue since our dedicated server run Linux with apache mysql and php... any recommendation to resolve this issue -- madunix

Re: [PHP] XSS via curl

2005-11-30 Thread Silvio Porcellana [tradeOver]
Sandy Keathley wrote: > > Is there a way to detect that a script is being accessed by curl, and > not by a browser? ENV ($_SERVER) variables won't work, as > those can be forged. > Use a CAPTCHA test: http://en.wikipedia.org/wiki/Captcha HTH, cheers! Silvio -- tradeOver | http://www.tradeo

Re: [PHP] XSS via curl

2005-11-30 Thread Chris Shiflett
Sandy Keathley wrote: My company uses a home-grown formmail script for clients, and someone is using curl to inject HTTP headers and spam email addresses, and turn it into an open relay. Yes, I know the right answer is to not use a formmail, but I don't make the rules here. Is there a way to de

Re: [PHP] XSS via curl

2005-11-30 Thread Jochem Maas
Sandy Keathley wrote: My company uses a home-grown formmail script for clients, and someone is using curl to inject HTTP headers and spam email addresses, and turn it into an open relay. Yes, I know 1. cut out the ability for the poster (form submitter) to determine who is addressed. 2. str

[PHP] XSS via curl

2005-11-30 Thread Sandy Keathley
My company uses a home-grown formmail script for clients, and someone is using curl to inject HTTP headers and spam email addresses, and turn it into an open relay. Yes, I know the right answer is to not use a formmail, but I don't make the rules here. Is there a way to detect that a script i

[PHP] XSS Vulnerabilities and strip_tags

2004-03-12 Thread trlists
Is the general wisdom that using strip_tags on input is sufficient to protect against XSS vulnerabilities from that input? I have been doing some reading on it but haven't found anything that suggests a vulnerability that removing the tags in this way would not cure. Are there multi-level enco