Forum Question

ziggs

Hey! Whats up. I gotta question. When someone inserts like <javascript .... In a form how does it simply just display the text and not actually execute the code? Could you simply just use a print(" or would you need to use Echo? What is the best way about going to this.
Ziggs

Anon

The simplest way is to use htmlspecialchars() or just do a string replace on the greater than and less than tags like this ...

$mystring = str_replace("<","<",$mystring);
$mystring = str_replace(">",">",$mystring);

Anon

Arghh, the second parameter should have & lt; and & gt;
(without the spaces) I forgot you cannot show them that way here.

ziggs

Thanks david. I will do that.

What other security things should be watched with PHP and Apache? What are the most common Security exploits used today? Thanks!
Ziggs

Anon

How do u create a forum? I am using Microsoft Front Page and i would like to know how i would create a forum?

sid666

i dont think front page is the best tool to attempt that ;-)