FRIHOSTFORUMSSEARCHFAQTOSBLOGSDIRECTORY
You are invited to Log in or Register a Frihost Account!

Stop Scripting

   Frihost Forum Index -> Scripting -> Php and MySQL
 


DanielXP
I have a link adder on my site and people keep scripting it (puting html codes in to make alert boxes)

Is there any way i can stop them puting html into my textboxes?
Arnie
Very simple. If the > symbol is entered, let it be transformed to &gt; and if the < is entered, let it be transformed to &lt;
krazycapital
If you are using PHP, just add htmlspecialchars(). See: http://ca.php.net/manual/en/function.htmlspecialchars.php for more info.
mathiaus
If you're happy to use php you can simply use strip_tags ( http://uk.php.net/strip_tags )

example
Code:
//assign input from textbox to variable
$textboxvalue = $_POST['textbox_name'];
// remove html tags
$textboxvalue = strip_tags($textboxvalue);
krazycapital
The nice thing about htmlspecialchars is you can log the IP when they enter, then use a simple search to see if it contains any of those tags, and then IP ban.
Stubru Freak
There's no point in that.
Best thing is to use htmlspecialchars, so if someone wants to write "<I> <am> <cool>", it doesn't get deleted like in strip_tags, and you don't get ip banned, but it just shows up as typed.
krazycapital
Yeah, but if people constantly do it it is nice to have their IP logged. I've had it happen before where people completely ruined my site. I figured out I should do that later, and then that made my life so much easier. And a few people got banned.
DanielXP
I don't understand that but i have put a field limiter on each textbox

Problem solved Smile
Stubru Freak
Not really, if you did it in html.

People can still use their own html pages to post to yours.

What language is it written in?

Last edited by Stubru Freak on Tue Apr 04, 2006 10:16 pm; edited 1 time in total
Arnie
I suggest you either fix this solidly, or remove the whole thing completely. This is not a good fix. But then again, it's your site of course Wink
Atomo64
I recommend you to use htmlentities() and maybe (if you want) strip_tags; but with htmlentities you could keep your page valid html/xhtml Smile
DanielXP
i put an ip recorder that records the ip and the name of there link so if they script they will be banned!
Related topics
Creating an RPG bot in IRC (yes I wrote this)
Able to stop search engines from searching my site?
Protect Your Site, Or suffer the consiquences
t0d's LOL stop
Suggestion -> A small one though
secure your pc
[JAVA TUTORIALS & FILES] - Java Scripting world
Non stop spamming !		To Moderators: Should C++ questions be in "scripting&am
Is owning a stop sign illegal?
stop closing competing marketplace storefronts
Game Maker
Winter Moon :)
bash scripting help
Stop the topics!
dose your brain stop when u sneeze?		How to stop "Script Debugger" Error Message in IE
do you like the look of my site?
PHP Scripting for Dummies... like me?
If your thread is on this list, don't post it
Can't stop an executable from running on startup.....
[php]putting script fragments together?
No one plays
More stickified threads in scripting
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2007 Frihost, forums powered by phpBB.