Ticket #1320 (closed defect: fixed)
Make sure that your data is passed through process_db_input function or is saved using forms
| Reported by: | AlexT | Owned by: | Everybody |
|---|---|---|---|
| Priority: | major | Milestone: | Dolphin 7.0 (Hookie) Beta 8 |
| Keywords: | | Cc: | |
Description (last modified by AlexT)
Make sure that any data coming from the browser is passed through the process_db_input function in the way described below, or is saved using forms.
Use the following sample code as a reference:
$sVal = $_REQUEST['some_value']; // just for example: $sVal comes from the browser and is untrusted
- $sVal is not a string but a number:
$iVal = (int)$sVal; // or $fVal = (float)$sVal; the cast is the whole sanitisation, no escaping is needed afterwards
- $sVal contains HTML code and you need to save this HTML code (for example it comes from a TinyMCE area):
$sVal = process_db_input($sVal, BX_TAGS_VALIDATE);
- $sVal contains HTML code and you need to get rid of all tags:
$sVal = process_db_input($sVal, BX_TAGS_STRIP);
- $sVal contains HTML code and you need to convert it to HTML entities so that the code itself is displayed as text (not recommended at save time; it is better to apply this when you display the saved data to the user):
$sVal = process_db_input($sVal, BX_TAGS_SPECIAL_CHARS);
Do not add any stripslashes or addslashes around these calls; use only the code above.
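As an added example (not code from this ticket or from Dolphin itself), the script below applies the rules above to a constructed request array the way a module's save handler would: numbers are cast, a plain-text field is stripped of tags, a TinyMCE field is validated, and the result is placed into an INSERT with no extra addslashes/stripslashes. It assumes the file sits in Dolphin's root folder so that inc/header.inc.php loads the core and defines process_db_input() and the BX_TAGS_* constants; the table name sample_posts, the field names and the request values are made up for the illustration.

```php
<?php
// Added example (not the ticket's or Dolphin's own code): sanitising browser
// input for storage according to the rules in ticket #1320.
// Assumption: this file sits in Dolphin's root folder, so inc/header.inc.php
// loads the core and defines process_db_input() and the BX_TAGS_* constants.
require_once dirname(__FILE__) . '/inc/header.inc.php';

/**
 * Prepare one simulated "post" for storage. Every field is treated according
 * to the kind of data it is expected to carry, exactly as the ticket prescribes.
 *
 * @param array $aReq raw request values (in a real handler this is $_REQUEST)
 * @return array values that can be placed directly into an SQL statement
 */
function prepareStoreInput(array $aReq)
{
    // Numbers: a cast is the whole sanitisation; nothing else is needed.
    $iAuthorId = (int)(isset($aReq['author_id']) ? $aReq['author_id'] : 0);
    $fPrice    = (float)(isset($aReq['price']) ? $aReq['price'] : 0);

    // Plain-text field: no HTML is legitimate in a title, so strip all tags.
    $sTitle = process_db_input(isset($aReq['title']) ? $aReq['title'] : '', BX_TAGS_STRIP);

    // Rich-text field filled by a TinyMCE area: keep the HTML, but validate it.
    $sBody = process_db_input(isset($aReq['body']) ? $aReq['body'] : '', BX_TAGS_VALIDATE);

    // Note: no addslashes()/stripslashes() anywhere around these values.
    return array(
        'author_id' => $iAuthorId,
        'price'     => $fPrice,
        'title'     => $sTitle,
        'body'      => $sBody,
    );
}

/**
 * Build the INSERT from already-sanitised values. Numbers are interpolated
 * bare, strings inside single quotes; process_db_input() has done the escaping.
 * The table `sample_posts` is a made-up name for this example.
 */
function buildInsertQuery(array $a)
{
    return "INSERT INTO `sample_posts` (`author_id`, `price`, `title`, `body`) VALUES ("
        . $a['author_id'] . ", " . $a['price'] . ", '" . $a['title'] . "', '" . $a['body'] . "')";
}

// Constructed request, standing in for $_REQUEST, with tampered values in
// every field: a number with SQL appended, a malformed float, a script tag in
// a plain-text field, and an event-handler attribute inside rich text.
$aFakeRequest = array(
    'author_id' => '7 OR 1=1',
    'price'     => '19.99; DROP TABLE x',
    'title'     => "Hello <script>alert('xss')</script> world",
    'body'      => '<p>Some <b>bold</b> text</p><img src="x" onerror="alert(1)">',
);

$aClean = prepareStoreInput($aFakeRequest);
echo buildInsertQuery($aClean), "\n";
```

The casts reduce '7 OR 1=1' to 7 and '19.99; DROP TABLE x' to 19.99 without any call to process_db_input, which is why the ticket lists the numeric case separately; only the two string fields go through the function, each with the mode matching what the field is allowed to contain.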
Change History
comment:10 Changed 2 years ago by AlexL
Done for flash (Ray) components
comment:11 Changed 2 years ago by AndreyP
Done for blogs / ads / custom RSS
comment:12 Changed 2 years ago by LeonidS
Done for albums & files modules
comment:13 Changed 2 years ago by AntonL
Done for:
Articles
Feedback
News
Payment
Membership
Wall
comment:14 Changed 2 years ago by AlexT
Done: Avatar, Events, Google Site Search, Groups, World Map, Store, XMLRPC interface
comment:15 Changed 2 years ago by AlexT
Done for system files in root folder
comment:16 Changed 2 years ago by AlexT
Done for inc/*, inc/classes/* and templates/base/script/*
comment:17 Changed 2 years ago by sashae
Done for polls, simple messenger, shoutbox, mailbox