Hardening PHP forums

Question

Possible Duplicate:
What’s the best method for sanitizing user input with PHP?
Preventing XSS with PHP

I own a database with old php forums, and I have a textarea that I want to harden from the XSS.. I am new in that field..

The textarea is defined as :

 <textarea name="information" cols="60" row="4" id="infoid" > < /textarea>

What should I add to prevent it from taking " < , >" symbols ???

[The Great Escapism (Or: What You Need To Know To Work With Text Within Text)](http://kunststube.net/escapism/) — deceze, Nov 10 '12 at 08:05
It's surprising that you are aware of xss but have never heard about `htmlspecialchars()`. — asprin, Nov 10 '12 at 08:07
I found this "), htmlspecialchars($str, ENT_NOQUOTES, "UTF-8")); } ?> When I add it to the code it will work, I dont add any thing to the textarea tag ?? — user1413188, Nov 10 '12 at 08:11
how about just googling htmlspecialchars as Daedalus told you? alternately i will now go against the law and give you the first search result (querying my brain) http://php.net/htmlspecialchars — GottZ, Nov 10 '12 at 08:42
Many of your questions are getting closed! Beware! a multitude of closed and downvoted questions will get you **automatically banned by the system**! Shape up! — Madara's Ghost, Nov 10 '12 at 10:11

score 0 · Answer 1 · answered Nov 10 '12 at 08:07

0

Why not take anything that comes your way? Convert and escape those characters. i.e < is converted to < etc. That will keep the punters happy AKA the people paying the cash.

Also it is trivial see htmlspecialchars

answered Nov 10 '12 at 08:07

Ed Heal

59,252
17
87
127

emm can some one use $lt in reverse to hack me ?? !!!! – user1413188 Nov 10 '12 at 08:17
Also, where should I add this function string htmlspecialchars ( string $string [, int $flags = ENT_COMPAT | ENT_HTML401 [, string $encoding = 'UTF-8' [, bool $double_encode = true ]]] ) – user1413188 Nov 10 '12 at 08:18
Start with php's manual, @user1413188. – Daedalus Nov 10 '12 at 08:21
No. I mean google 'php manual' and start reading, @user1413188. – Daedalus Nov 10 '12 at 18:59

Hardening PHP forums

1 Answers1