Hey all,

What is the most effective way to block HTML code
in insert statements?

I have a client with a comments form that is being
bombarded with people inserting references to
their own sites, etc, and I need an effective way
to filter basically any HTML tags at all.

Thanks,
Skip
--
Skip Evans
Big Sky Penguin, LLC
503 S Baldwin St, #1
Madison, WI 53703
608-250-2720
http://bigskypenguin.com
=-=-=-=-=-=-=-=-=-=
Check out PHPenguin, a lightweight and versatile
PHP/MySQL, AJAX & DHTML development framework.
http://phpenguin.bigskypenguin.com/


  • Mr. Shawn H. Corey at Aug 2, 2008 at 9:21 pm

    On Sat, 2008-08-02 at 16:16 -0500, Skip Evans wrote:
    > Hey all,
    >
    > What is the most effective way to block HTML code
    > in insert statements?
    >
    > I have a client with a comments form that is being
    > bombarded with people inserting references to
    > their own sites, etc, and I need an effective way
    > to filter basically any HTML tags at all.
    >
    > Thanks,
    > Skip

    You have to pre-process your data to remove them.


    --
    Just my 0.00000002 million dollars worth,
    Shawn

    "Where there's duct tape, there's hope."

    "Perl is the duct tape of the Internet."
    Hassan Schroeder, Sun's first webmaster
  • Mark Goodge at Aug 2, 2008 at 9:24 pm

    Skip Evans wrote:
    > Hey all,
    >
    > What is the most effective way to block HTML code in insert statements?
    >
    > I have a client with a comments form that is being bombarded with people
    > inserting references to their own sites, etc, and I need an effective
    > way to filter basically any HTML tags at all.

    You'll need to do that before inserting it into the database. How you do
    that depends on which scripting language you're using to generate the
    inserts.

    Mark
  • Chaim Rieger at Aug 2, 2008 at 10:10 pm
    Doubt this can be done easily, if at all.
    Accept only text and no HTML. But even that should be the job of the form validator.



    ------Original Message------
    From: Skip Evans
    To: mysql@lists.mysql.com
    Sent: Aug 2, 2008 14:16
    Subject: Blocking HTML code in inserts?

    Hey all,

    What is the most effective way to block HTML code
    in insert statements?

    I have a client with a comments form that is being
    bombarded with people inserting references to
    their own sites, etc, and I need an effective way
    to filter basically any HTML tags at all.

    Thanks,
    Skip
  • Shannon Wade at Aug 2, 2008 at 10:52 pm
    Assuming PHP from your sig: strip_tags

    http://www.php.net/manual/en/function.strip-tags.php


    shannon

    On Aug 2, 2008, at 5:16 PM, Skip Evans wrote:

    Hey all,

    What is the most effective way to block HTML code in insert
    statements?

    I have a client with a comments form that is being bombarded with
    people inserting references to their own sites, etc, and I need an
    effective way to filter basically any HTML tags at all.

    Thanks,
    Skip
  • Martin Gainty at Aug 3, 2008 at 2:23 am
    I'm seeing this more and more.
    I'm hearing the justification that it's easier to put a pre-formatted anchor tag or href, but you're right:
    if HTML is stored in the DB then JavaScript can easily follow.
    Of course, the overseas contractors sticking in href to their own sites sure doesn't help.

    Glad to hear strip_tags.php has come to the rescue.

    Martin
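
Added example (not part of the original thread): the pre-processing step the replies describe, using strip_tags() before the INSERT, together with the stored-JavaScript concern raised in the last reply. An in-memory SQLite database stands in for MySQL so the script runs offline; the table, columns, function names and the hold-for-moderation policy are assumptions.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so it runs offline (needs pdo_sqlite); all names are hypothetical.

function clean_comment(string $raw): string
{
    // strip_tags() drops tags but keeps the text between <script>/<style>
    // pairs, so remove those elements together with their contents first.
    $text = preg_replace('#<(script|style)\b[^>]*>.*?</\1\s*>#is', '', $raw);
    return trim(preg_replace('/\s+/', ' ', strip_tags($text ?? $raw)));
}

function has_link(string $text): bool
{
    // Tag stripping leaves bare URLs behind; hold those for moderation
    // (an assumed policy, not something the thread prescribes).
    return preg_match('#\b(?:https?://|www\.)\S+#i', $text) === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT, held INTEGER)');

// Constructed sample submissions.
$samples = [
    'Nice post, thanks!',
    '<a href="http://spam.example/">cheap pills</a>',
    'Hi<script>document.location="http://spam.example/"</script> there',
    'Visit www.spam.example today',
];

// Bound parameters keep the comment text out of the SQL statement itself.
$insert = $db->prepare('INSERT INTO comments (body, held) VALUES (:body, :held)');
foreach ($samples as $raw) {
    $body = clean_comment($raw);
    if ($body !== '') {
        $insert->execute([':body' => $body, ':held' => (int) has_link($body)]);
    }
}

// Escape on output too: rows written before the filter existed, or by
// another code path, may still contain markup.
foreach ($db->query('SELECT body, held FROM comments') as $row) {
    echo $row['held'] ? 'HELD: ' : 'OK: ';
    echo htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

The second sample is stored as plain "cheap pills": the link is gone but the anchor text remains, so tag stripping reduces the payoff for link spam without removing the submissions themselves.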

Discussion Overview
group: mysql
categories: mysql
posted: Aug 2, '08 at 9:16p
active: Aug 3, '08 at 2:23a
posts: 6
users: 6
website: mysql.com
irc: #mysql
