Hello, After searching over the internet how to secure a web application(forms) in PHP, in most of the cases were just suggestions not a short and real example. In some cases is suggested to use strip_tags( trim( $_POST['PARAMETER'] ) ); but when you have some special inputs like comments field htmlentities ( trim ( $_POST[ ‘comment’ ] ) , ENT_NOQUOTES ); is suggest. Maybe there is a useful example (custom made function) to achieve standard safe methods without introducing complicated libraries like HTMLPurifier into the application. Thank you for your time!

Member Avatar
Member Avatar
+0 forum 5

So I'm using an Ajax request and processing input of sentence(s) in my program that will be looked up using a thesaurus API. The processing works fine, but I am trying to get it so that it will strip bad input such as semicolons in order for the API to work, but I'm also trying to get it to display the original input when it's done. So this is basically two strings: one for lookup, one for display. Here is my code: <?php $sentence = sanitize($_POST["sentence"]); $words = explode(" ", $sentence); foreach ($words as $word) { $sanitizedWord = ereg_replace("[^A-Za-z0-9']", "", …

Member Avatar
Member Avatar
+0 forum 3

# This is a simple HTML String Sanitizing tool. # ## It allows a highly rich,- but safe - html content input to be published on your pages. ## **The script code is very light and to some degree customizable.** * This function takes care of blacklisted tags, which are the first to be discarded without further processing. * Otherwise, it checks *link* protocols for code injection, and strips it off if JavaScript is encountered. * Further on, it removes all event driven code assignments from event attributes on all tags. * And lastly, it restores images after stripping their …

Member Avatar
Member Avatar
+2 forum 2

The End.