2011-10-22, 02:25 PM
2011-10-22, 02:28 PM
XSS? Just don't allow HTML input.
As for bots, use a captcha.
As for bots, use a captcha.
2011-10-22, 02:34 PM
For XXS can you show some piece of code.
But I had bots attack on my site and they were just comming on the site not spamming or anything.
Thanks!
But I had bots attack on my site and they were just comming on the site not spamming or anything.
Thanks!
2011-10-22, 02:39 PM
XSS Prevention:
Depending on what type of bots they are, reCAPTCHA is a good solution.
$str = $_POST['input'];
$str = htmlspecialchars($str);
echo $str;
Depending on what type of bots they are, reCAPTCHA is a good solution.
2011-10-22, 02:41 PM
2011-10-22, 08:58 PM
MyBB has a function that you should use.
htmlspecialchars_uni()
So you'd use this:
$str = htmlspecialchars_uni($str);
htmlspecialchars_uni()
So you'd use this:
$str = htmlspecialchars_uni($str);
2011-10-22, 09:17 PM
(2011-10-22, 08:58 PM)labrocca Wrote: [ -> ]MyBB has a function that you should use.
htmlspecialchars_uni()
So you'd use this:
$str = htmlspecialchars_uni($str);
OP didn't specify if he wanted to apply it to a MyBB forum or not; hence why I didn't reference that function.
Nonetheless OP, htmlspecialchars_uni() would be your best solution if you are.
2011-10-22, 11:14 PM
Easy enough to grab the official MyBB function for your own use though.
2011-10-23, 12:16 AM
What's the advantage over using MyBB's function? (Not trying to be an lime, I'm genuinely interested.)
2011-10-23, 12:20 AM
(2011-10-23, 12:16 AM)pyridine Wrote: [ -> ]What's the advantage over using MyBB's function? (Not trying to be an lime, I'm genuinely interested.)
MyBB's function allows unicode.
E.g. using U+00E9 for é.
(At least that's what I gathered by the comments)