Page 1 of 1

Problem with string

Posted: Thu Jun 12, 2008 2:39 pm
by Monopoly
There is a problem with my guestbook:

when I type in the textarea the following string:
s
s
s
s
s
(breaking lines pressing ENTER)
I get the following output on the mainpage : s s s s s s

What should I do ? I guess I didn't add enough code ))

Thank you

Re: Problem with string

Posted: Thu Jun 12, 2008 7:39 pm
by califdon
I think the first thing you should do is explain why you think we can tell you what's wrong with code that we have never seen.

Re: Problem with string

Posted: Thu Jun 12, 2008 8:53 pm
by Ambush Commander
use nl2br(htmlspecialchars($text)). Newlines in text don't translate to newlines in HTML, and chances are you've got an XSS vulnerability.

Re: Problem with string

Posted: Fri Jun 13, 2008 4:00 am
by Monopoly
thnx Ambush Commander, it worked !