Form Processing

fnbcprog

Has anyone heard anything about hackers being able to input data into a form field for some sort of redirection or something? I had just heard something about it. Is there anyway that when a form is submitted it will not allow any HTML tags to be present in the corresponding fields?

bastien

http://www.php.net/manual/en/function.html-entity-decode.php

http://www.php.net/manual/en/function.addslashes.php

this is very important to take care of...you should disable all html characters before adding to the db...also code against sql injection attacks...

you might even want to compare the form data against an array of 'bad words' like (redirect, drop, etc) to stop the user from inputting anything that might cause a problem.

hth