html purifier and sql injection attack
July 16, 2007 03:15PM

Hi all, I've noticed HTML Purifier for a while and now I'm starting to get my hands on it. I'm planning to use it as a component in my own forum system. Since my forum is backed by a MySQL database, I wish to prevent SQL injection attempts. Does HTML Purifier have a built-in SQL injection filter, or do I need an extra component to do it? If an extra one is needed, what is a good choice, since I know there are many SQL filter components out there? Thank you very much.

With my best, Jim

Re: html purifier and sql injection attack
July 16, 2007 04:24PM

SQL injection filtering is out of HTML Purifier's domain. You should use the appropriate PHP functions to escape data entering your database, such as mysql_real_escape_string().
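
The split described in the reply above, as an added example that is not part of the original thread: HTML Purifier cleans the markup, and the database layer separately handles quoting. The `mysql_*` functions, including `mysql_real_escape_string()`, were removed in PHP 7.0, so this sketch uses PDO, with bound parameters for the insert and `PDO::quote()` as the escaping counterpart. Assumptions: HTML Purifier's `library/` directory is on the include path, `pdo_sqlite` is enabled, and the `posts` table and sample values are constructed for illustration.

```php
<?php
// Added example, not code from the thread or from the HTML Purifier project.
// Assumes HTML Purifier's library/ directory is on the include path.
require_once 'HTMLPurifier.auto.php';

// Constructed sample input: markup to be cleaned, plus apostrophes.
$title = "Jim's first post";
$body  = "<p>It's <b>working</b></p><script>alert(1)</script>";

// Layer 1: HTML Purifier removes markup that is unsafe to render.
$purifier  = new HTMLPurifier(HTMLPurifier_Config::createDefault());
$cleanBody = $purifier->purify($body);

// An apostrophe is ordinary HTML text, not markup, so purifying a string
// does not make it safe to concatenate into an SQL string literal.

// Layer 2: the database layer. An in-memory SQLite database stands in for
// the forum's MySQL server; with MySQL only the DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');

// Bound parameters travel separately from the SQL text, so quotes in the
// values cannot change the statement.
$stmt = $db->prepare('INSERT INTO posts (title, body) VALUES (:title, :body)');
$stmt->execute([':title' => $title, ':body' => $cleanBody]);

// Escaping, the approach named in the reply: PDO::quote() escapes the value
// for the active driver and wraps it in quotes.
$sql = 'SELECT title, body FROM posts WHERE title = ' . $db->quote($title);
$row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);

// The title is plain text, so it is HTML-escaped on output; the body is
// already-purified HTML and is printed as stored.
echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
echo $row['body'], "\n";
```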
