How does MyBB Clean Posted Variables?
#11
floatval() for floats

Or you can check with is_numeric, or use CType libraries, or regular expressions. There are many methods for filtering things out - just make sure you remember to do so!



Oh, and I recommend sanitizing most (or all if you're uncertain) inputs, as these are potential exploits. In fact, the MyBB 1.2.11 update patches an exploit caused by improper input sanitization going directly into an eval() statement.
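As an added example (not from the post above and not MyBB's own code), the PHP script below runs the same untrusted strings through the casting functions and the predicate-style checks the reply lists, so the difference between coercing a value and rejecting it is visible; the sample inputs and the `clean_*` helper names are constructed for illustration.

```php
<?php
// Added example: casting functions (intval/floatval) coerce whatever they
// are given, while predicates (ctype_*, is_numeric, preg_match) let you
// reject input that does not match an explicit whitelist.

function clean_int($raw): ?int {
    // ctype_digit() accepts only a non-empty string of 0-9, so "-1", "1e3",
    // " 12" and "12abc" are rejected instead of silently coerced.
    return (is_string($raw) && ctype_digit($raw)) ? (int) $raw : null;
}

function clean_float($raw): ?float {
    // Anchored regex: optional sign, digits, optional fraction. No exponent,
    // no whitespace, no trailing garbage (floatval("1.5abc") would give 1.5).
    return (is_string($raw) && preg_match('/^-?\d+(\.\d+)?$/', $raw))
        ? (float) $raw : null;
}

function clean_username($raw): ?string {
    // Whitelist the allowed characters rather than blacklisting bad ones.
    return (is_string($raw) && preg_match('/^[A-Za-z0-9_]{3,30}$/', $raw))
        ? $raw : null;
}

// Constructed sample inputs, as they might arrive through $_GET / $_POST.
$samples = ['42', '-1', '1e3', ' 12', '12abc', '1.5abc', '', 'a;b'];
foreach ($samples as $s) {
    printf("%-9s intval=%-3s floatval=%-6s is_numeric=%-5s clean_int=%-4s clean_float=%s\n",
        var_export($s, true),
        var_export(intval($s), true),
        var_export(floatval($s), true),
        var_export(is_numeric($s), true),
        var_export(clean_int($s), true),
        var_export(clean_float($s), true));
}
```

Note that is_numeric() accepts "1e3" and leading whitespace, which is why a whitelist regex or ctype check is the tighter choice when the value is going into a query or, as the reply mentions, anywhere near eval().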