Right, I've been given some code to maintain and some of the vulnerabilities are clearly obvious.
I'm just looking for a quick way to cleanse $_POST so it's safe to echo to the page...
Code:
foreach ($_POST as &$value) {
    $value = strip_tags($value);
}
Is that enough? I already have sql injection in place in the database scripts so no need to worry about that here.
* edit: I thought they'd fixed the php code background colour here?
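Added example, not part of the original post: it compares the `strip_tags()` loop above with escaping at the point of output via `htmlspecialchars()`. The `$post` array is a constructed stand-in for `$_POST`, and the field names and the helper `e()` are hypothetical.

```php
<?php
// Added example, not code from the original post.
// Constructed sample standing in for $_POST; the field names are hypothetical.
$post = [
    'name'    => 'x" data-injected="1',      // no tags, but contains a double quote
    'comment' => 'I <3 PHP & <b>bold</b>',   // legitimate text with "<" and "&"
    'tags'    => ['a<b', 'c'],               // fields posted as tags[] arrive as arrays
];

// Hypothetical helper: escape for an HTML body or a quoted attribute value.
function e($value): string
{
    // Non-string input (e.g. an array) is rendered as empty rather than passed on.
    if (!is_string($value)) {
        return '';
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The post's approach: strip_tags() removes tags but leaves quotes untouched,
// so the value still closes the attribute it is echoed into.
$stripped = strip_tags($post['name']);
echo '<input name="name" value="' . $stripped . '">' . "\n";

// Escaped at the point of output: the quote is encoded and stays inside value="".
echo '<input name="name" value="' . e($post['name']) . '">' . "\n";

// strip_tags() also alters legitimate text, while escaping preserves it for display.
echo '<p>' . strip_tags($post['comment']) . '</p>' . "\n";
echo '<p>' . e($post['comment']) . '</p>' . "\n";

// Array-valued fields are escaped element by element.
echo '<p>' . implode(', ', array_map('e', $post['tags'])) . '</p>' . "\n";
```

This encoding covers HTML body text and quoted attribute values only; values written into JavaScript, URLs or CSS need the encoding for that context.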