John W. Holmes wrote:
My only point was that I felt you _did_ need to use a regular expression
to ensure you're only converting paired tags. Just using str_replace()
could leave orphaned tags unless you're keeping a count of what's been
replaced. :)
I would suggest to use xml parsing functions to
Chris Shiflett wrote:
--- "CPT John W. Holmes" <[EMAIL PROTECTED]> wrote:
Heh... my turn to disagree again. You can do a simple str_replace()
to convert "" back into "", but you're going to have to
do it for each case. Also by doing that blindly, you can end up with
orphaned tags affecting the
Chris Shiflett wrote:
> --- "CPT John W. Holmes" <[EMAIL PROTECTED]> wrote:
>> Heh... my turn to disagree again. You can do a simple str_replace()
>> to convert "" back into "", but you're going to have to
>> do it for each case. Also by doing that blindly, you can end up with
>> orphaned tags a
--- "CPT John W. Holmes" <[EMAIL PROTECTED]> wrote:
> Heh... my turn to disagree again. You can do a simple str_replace()
> to convert "" back into "", but you're going to have to
> do it for each case. Also by doing that blindly, you can end up with
> orphaned tags affecting the rest of your pa
CPT John W. Holmes wrote:
> From: "Wouter van Vliet" <[EMAIL PROTECTED]>
>
>> Let's make this personal: what would be your answer if I would advise
>> the friendly person to do this:
>
> Heh.. I hope you're just kidding about "making it
> personal"... I was just presenting security problems with
From: "Chris Shiflett" <[EMAIL PROTECTED]>
> --- "CPT John W. Holmes" <[EMAIL PROTECTED]> wrote:
> >
> > I'm against letting users enter HTML in their data, also. I'd rather
> > employ a bbcode type solution, turning [b] into , etc.
>
> I disagree with John here, but that's OK. :-) We seem to have d
--- "CPT John W. Holmes" <[EMAIL PROTECTED]> wrote:
> > Let's make this personal: what would be your answer if I would
> > advise the friendly person to do this:
>
> Heh.. I hope you're just kidding about "making it personal".
I think it might be a language subtlety that wasn't intended to mean w
From: "Wouter van Vliet" <[EMAIL PROTECTED]>
> Let's make this personal: what would be your answer if I would advise the
> friendly person to do this:
Heh.. I hope you're just kidding about "making it personal"... I was just
presenting security problems with various solutions.
> (..) $Content h
* Thus wrote Troy S ([EMAIL PROTECTED]):
> Greetings,
>
> What is the best way to remove the characters from strings that may
> cause security problems? Namely, `, ', ", <, >, \ and all non-printing
> strings. Did I miss any? Thanks.
Cause security problems in what sense?
Curt
--
"My PHP
--- Troy S <[EMAIL PROTECTED]> wrote:
> What is the best way to remove the characters from strings that may
> cause security problems? Namely, `, ', ", <, >, \ and all non-printing
> strings. Did I miss any?
As others have mentioned, this is the wrong approach if security is your
concern. If som
> -Original message-
> From: John W. Holmes [mailto:[EMAIL PROTECTED]
> Sent: Friday 21 November 2003 14:38
>
> Wouter van Vliet wrote:
> >John W. Holmes
> >>Troy S wrote:
> >>>What is the best way to remove the characters from strings that may
> >>>cause security problems? Na
Wouter van Vliet wrote:
John W. Holmes
Troy S wrote:
What is the best way to remove the characters from strings that may
cause security problems? Namely, `, ', ", <, >, \ and all non-printing
strings. Did I miss any? Thanks.
Why do you need to remove them? So I can't type ? Is that a
security vi
> -Original message-
> From: John W. Holmes [mailto:[EMAIL PROTECTED]
>
> Troy S wrote:
>
> > What is the best way to remove the characters from strings that may
> > cause security problems? Namely, `, ', ", <, >, \ and all non-printing
> > strings. Did I miss any? Thanks.
>
> Why d
Troy S wrote:
What is the best way to remove the characters from strings that may
cause security problems? Namely, `, ', ", <, >, \ and all non-printing
strings. Did I miss any? Thanks.
Why do you need to remove them? So I can't type ? Is that a
security violation? All you need to do is use
Troy S wrote:
> What is the best way to remove the characters from strings that may
> cause security problems? Namely, `, ', ", <, >, \ and all non-printing
> strings. Did I miss any? Thanks.
Do it the other way, allow only characters
you know are safe and strip the rest. Use, for
ex
15 matches