
Easily prevent HTML injection
by filburt1 23 Apr 2003

To prevent HTML injection from markup that happens to be in the results of a database query, escape every field of each row as you fetch it:
PHP Code:
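while ($bits = $DB_site->fetch_array($result))
{
    // Escape every column of the row before it reaches a template
    foreach ($bits as $key => $value)
    {
        $bits[$key] = htmlspecialchars($value);
    }
    // ... use $bits in the template here ...
}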

That goes through every single element returned by the fetch_array method and converts the HTML special characters to their entities. Then, when you use "$bits[something]" in a template, the user won't be able to inject HTML at all.
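
A fuller version of the loop above, as an added example that is not part of the original article or of vBulletin: escape_row() is a hypothetical helper and the sample row is constructed. It passes ENT_QUOTES so single quotes are encoded too (htmlspecialchars() left them alone by default before PHP 8.1), leaves NULL and numeric columns untouched, and recurses into nested arrays.

```php
<?php
// Added example: escape one fetched row for HTML output.
// escape_row() is a hypothetical helper, not a vBulletin function.
function escape_row(array $row, string $charset = 'UTF-8'): array
{
    $safe = [];
    foreach ($row as $key => $value) {
        if (is_array($value)) {
            // Nested data (e.g. an unserialized column): escape recursively
            $safe[$key] = escape_row($value, $charset);
        } elseif (is_string($value)) {
            // ENT_QUOTES encodes ' as well as ", so the value stays inert
            // inside single-quoted attributes. ENT_SUBSTITUTE replaces
            // invalid byte sequences instead of returning an empty string.
            $safe[$key] = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
        } else {
            // NULL, int, float and bool carry no markup; pass them through
            $safe[$key] = $value;
        }
    }
    return $safe;
}

// Constructed sample row, shaped like one fetch_array() result
$bits = [
    'userid'   => 42,
    'username' => '<b>Admin</b>',
    'title'    => "O'Brien' class='x",
    'homepage' => null,
];

$bits = escape_row($bits);

// Both an element body and a single-quoted attribute are now safe contexts
echo "<span title='{$bits['title']}'>{$bits['username']}</span>\n";
```

Escape once, at the point of output: running the helper twice on the same row double-encodes it, so a stored "&amp;" would be displayed literally.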
