and then insert the $str to the databse
like this you will avoid cross site scripting and SQL injection :)
but here you are disabling HTML tags in the comment box
if you want to enable some read in php.net about strip_tags fcn string *
strip_tags* ( string $str [, string $allowable_tags ] )
I am here for further information
On Wed, Jun 1, 2011 at 9:30 AM, eo <eo2683@gmail.com> wrote:
>
>
> Hi guys,
> I am using wordpress on my site, and twice in 14 months my site has been
> hacked. Both times index.php gets changed in root folder, i am not sure but
> i suppose it is done using comments. Can anyone tell how it is being done &
> how to evade it?
>
>
>
--
Best Regards
Ahmad Seder
www.gates.ps
0597333313
0599864000
[Non-text portions of this message have been removed]
------------------------------------
Are you looking for a PHP job?
Join the PHP Professionals directory Now!
http://www.phpclasses.org/jobs/
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/php-objects/
<*> Your email settings:
Individual Email | Traditional
<*> To change settings online go to:
http://groups.yahoo.com/group/php-objects/join
(Yahoo! ID required)
<*> To change settings via email:
php-objects-digest@yahoogroups.com
php-objects-fullfeatured@yahoogroups.com
<*> To unsubscribe from this group, send an email to:
php-objects-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
No comments:
Post a Comment