QUOTE
Srry for not being more specific that is actually what I was wondering about. What should be used for validation and security?
Well first off is security. Make sure whatever language you use, you protect against SQL injection, it is a critical threat, yet it is found everywhere. If you use php and mysql, look at mysqli_real_escape_string(), or better yet use prepared queries.
Next thing, XSS, your not going to want to allow html, so escape EVERY bit of variable data you output, even if it comes from the database. Trust Nothing. If your using PHP, again, look at htmlspecialchars() .
Validation. If you mean people posting bogus stuff, use regex to filter out unwanted data, you could also use a blacklist method of sorting out obscene words. I wouldnt discard entries tho, in case of false positive, say if something is flagged then it has the 'approved' column in the database set to 0, and have the script not show the entries not approved.
Then make a admin interface that you can edit/delete/approve entries.
3 May, 2008 - 06:28 AM
| 