Thread: SQL Injection

  1. #1
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Earth
    Posts
    739

    SQL Injection

    Hey,

    I have this function to clean data upon writing to the database..

    PHP Code:
    function ValidateInput($value) {
        // Trim whitespace, strip HTML tags, then escape for a MySQL string literal
        $value = mysql_real_escape_string(strip_tags(trim($value)));
        return $value;
    }

    Someone has managed to insert a piece of javascript with the above function wrapped around the variable? Have I missed something?

    Thanks

  2. #2
    SitePoint Wizard wonshikee's Avatar
    Join Date
    Jan 2007
    Posts
    1,223
    Don't see how strip_tags didn't remove all js, but XSS has hundreds of hacks so I'm not that surprised.

    Try http://htmlpurifier.org/ and see if that helps.
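
One way script can survive the function in post #1: strip_tags() only removes tag-shaped text, and the SQL escaping does not change how a browser later interprets the stored value. The PHP below is an added example, not code from either poster; the helper names (filterLikeThread, h, safeUrl) and the sample inputs are constructed for illustration, and it shows the filtered value next to the same value encoded at output time.

```php
<?php
// Added example, not code from the thread. Sample inputs are constructed.

// The thread's input filter, minus mysql_real_escape_string(): that call only
// escapes for the SQL string literal, so the stored value is what strip_tags() returns.
function filterLikeThread(string $value): string
{
    return strip_tags(trim($value));
}

// Output encoding: applied at the point where the value is written into HTML.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allowlist for href/src values: only http(s) URLs pass, anything else becomes "#".
function safeUrl(string $url): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '#';
}

$samples = [
    'plain tag'      => '<script>alert(1)</script>',
    'attribute text' => '" onmouseover="alert(1)',
    'url scheme'     => 'javascript:alert(1)',
];

foreach ($samples as $label => $input) {
    $stored = filterLikeThread($input);
    echo "== $label ==\n";
    echo "stored value     : $stored\n";
    // Unencoded output into an attribute: quotes in $stored end the attribute early.
    echo "unsafe attribute : <input value=\"$stored\">\n";
    echo "encoded attribute: <input value=\"" . h($stored) . "\">\n";
    echo "encoded link     : <a href=\"" . h(safeUrl($stored)) . "\">link</a>\n\n";
}
```

Only the first sample is changed by strip_tags(); the other two contain no tags, so they reach the page intact unless the output step encodes them or checks the URL scheme.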

