sanitizing a guestbook
Posted: Sat Jun 02, 2007 11:45 am
I'm making a guestbook and for the most part I'm finished. The only thing I need to do now is make sure it's safe from attacks (which I don't think it's 100% safe).
Functions include adding a comment with name, email, homepage, comment and a no spam question must be answered. There is a database and an admin control panel that allows the admin to edit/delete comments and change a bunch of site parameters.
My question is where do I properly use htmlspecialchars and where do I use addslashes, etc? I've heard htmlspecialchars is only used when outputting information like <input type=text value="<?php echo $something; ?>">
Thanks!
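An added example, not part of the original post, showing one way to split the two concerns asked about: raw input is stored through a PDO prepared statement instead of addslashes, and htmlspecialchars is applied only when the stored values are written into HTML. The table layout, the helper names (h, clean_homepage, add_comment, render_comments) and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example; table and column names are assumptions, and an
// in-memory SQLite database stands in for the guestbook's real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (name TEXT, homepage TEXT, comment TEXT)');

// Escape for HTML only at the moment of output.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Accept only http/https homepage links; anything else is stored as empty.
function clean_homepage(string $url): string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '';
}

// Input side: store the raw text through a prepared statement.
// No addslashes() and no htmlspecialchars() here.
function add_comment(PDO $db, string $name, string $homepage, string $comment): void {
    $stmt = $db->prepare('INSERT INTO comments (name, homepage, comment) VALUES (?, ?, ?)');
    $stmt->execute([$name, clean_homepage($homepage), $comment]);
}

// Output side: every stored value goes through h(), in text and in attributes.
function render_comments(PDO $db): string {
    $html = '';
    foreach ($db->query('SELECT name, homepage, comment FROM comments') as $row) {
        $html .= '<div class="entry"><strong>' . h($row['name']) . '</strong>';
        if ($row['homepage'] !== '') {
            $html .= ' <a href="' . h($row['homepage']) . '">homepage</a>';
        }
        $html .= '<p>' . nl2br(h($row['comment'])) . '</p></div>' . "\n";
    }
    return $html;
}

// Constructed sample input containing quotes, markup and a non-http link.
add_comment($db, "O'Brien", 'http://example.com/?a=1&b=2', 'Nice site! <b>really</b>');
add_comment($db, 'Eve "x"', 'javascript:void(0)', "line one\nline two");
echo render_comments($db);
```

The same h() call covers the admin panel's edit form, where a stored value is placed inside a value="..." attribute.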