Re: Is my field security secure?
Posted: Mon Oct 19, 2009 4:34 am
No problem. I am curious about this from a security perspective though. I am under the impression that markup-based attacks can be limited by using strip_tags and would like to know why you consider strip_tags useless.

kaisellgren wrote:
Sorry, I was talking solely from the perspective of security. Sure, you could use strip_tags() to remove some markup, but as for securing a site, it's almost always useless.

JasonDFR wrote:
Kai, why do you say strip_tags is useless? I would think that if the input you are asking for is not supposed to include any markup, you have two choices, use strip_tags and accept it, or invalidate it and force the user to enter a value that does not include markup.