|
-
Sep 21st, 2011, 07:54 AM
#1
[RESOLVED] Filtering & sanitizing user comments
Hi guys 
I'm creating a comment system, where users could post their comments about particular titles.
I'll collecting:
- Name
- Email
- Comment
- IP address (via $_SERVER['REMOTE_ADDR'])
I'll be storing this comments in the database and will be displaying later.
What I wanna do:
- remove any sql injection possibilies (presently, I'm not using PDO or mySQLi)
- remove any possible HTML code or any scripts being entered by the user
- display only plain-text
I have tried gathering some info from Google.
strip_tags()
PHP Filter Functions
htmlentities
But I'm a bit confused as some people used depreciated functions.
If you are supposed to create something like this, what all things will you use/include ?
Thanks
If my post was helpful to you, then express your gratitude using Rate this Post. 
And if your problem is SOLVED, then please Mark the Thread as RESOLVED (see it in action - video)
My system: AMD FX 6100, Gigabyte Motherboard, 8 GB Crossair Vengance, Cooler Master 450W Thunder PSU, 1.4 TB HDD, 18.5" TFT(Wide), Antec V1 Cabinet
Social Group: VBForums - Developers from India
Skills: PHP, MySQL, jQuery, VB.Net, Photoshop, CodeIgniter, Bootstrap,...
-
Sep 21st, 2011, 10:14 AM
#2
Fanatic Member
Re: Filtering & sanitizing user comments
you should read this: http://php.net/manual/en/security.da...-injection.php
i always use strip_tags(), and mysql_real_escape_string()
if you wanna use the tags to make BB codes later on, you should use this function instead of strip_tags: http://php.net/manual/en/function.htmlspecialchars.php
list of html special characters: http://www.utexas.edu/learn/html/spchar.html
also one function i use to check if the name is alphanumeric:
PHP Code:
function namecheck($str){ $str_length = strlen($str); for($i=0;$i<$str_length;++$i){ $character = substr($str,$i,1); if ((ord($character) < 65) & (!(ord($character) > 47) && (ord($character) < 58)) && (!(ord($character) == 32))) { return false; } if ((ord($character) > 90) && (ord($character) < 97)) { return false; } } return true; }
-
Sep 21st, 2011, 10:28 AM
#3
Re: Filtering & sanitizing user comments
Thanks 
I found a couple of methods that could check whether the string is alpha or alphanumeric:
Seems like a bit faster than using regular expression (via, preg_match()).
If my post was helpful to you, then express your gratitude using Rate this Post. 
And if your problem is SOLVED, then please Mark the Thread as RESOLVED (see it in action - video)
My system: AMD FX 6100, Gigabyte Motherboard, 8 GB Crossair Vengance, Cooler Master 450W Thunder PSU, 1.4 TB HDD, 18.5" TFT(Wide), Antec V1 Cabinet
Social Group: VBForums - Developers from India
Skills: PHP, MySQL, jQuery, VB.Net, Photoshop, CodeIgniter, Bootstrap,...
-
Sep 21st, 2011, 06:44 PM
#4
Re: Filtering & sanitizing user comments
Use PDO and htmlspecialchars.
-
Sep 21st, 2011, 09:33 PM
#5
Re: Filtering & sanitizing user comments
 Originally Posted by penagate
Use PDO and htmlspecialchars.
Thanks
If my post was helpful to you, then express your gratitude using Rate this Post. 
And if your problem is SOLVED, then please Mark the Thread as RESOLVED (see it in action - video)
My system: AMD FX 6100, Gigabyte Motherboard, 8 GB Crossair Vengance, Cooler Master 450W Thunder PSU, 1.4 TB HDD, 18.5" TFT(Wide), Antec V1 Cabinet
Social Group: VBForums - Developers from India
Skills: PHP, MySQL, jQuery, VB.Net, Photoshop, CodeIgniter, Bootstrap,...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|