  #1  
Old August 2nd, 2006, 07:27 PM
enat66
CTH Subscriber
 
PHP & Hidden Form Values

So I've created a comment system for my school's newspaper website so users can add comments to the bottom of articles. It works fine except to prevent spam I was forced to use a multi-page form, passing the form data through hidden form values. The problem arises when a user adds a comment with a quotation mark.

ex:
Comment: Hi It's Enat

so on the next page the input rendered by the php is:
<input name='c' type='hidden' value='Hi It\'s Enat' />

Magic Quotes is on so it does add a slash, but that doesn't help because the slash still ends the HTML value, though not the echo statement that echoes the HTML. As you can see the stuff in orange is not included.

What is the work around for this?
Thanks in Advance
  #2  
Old August 2nd, 2006, 09:18 PM
enat66
CTH Subscriber
 
Well I've figured it out...or at least a workaround.
I'm now using cookieless sessions. Passing the SID from page to page. This way I don't have to deal with inputs.
  #3  
Old August 3rd, 2006, 10:15 AM
degsy
Cyber Tech Help Moderator
 
You should use double quotes for HTML values, attributes etc. It usually works out better that way.

If you want better security then have a login system or use some type of CAPTCHA system.
__________________
Cheers,
Degs
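
The quoting problem from the first post, shown as an added example that is not code from the thread: the Magic Quotes backslash is SQL-style escaping and means nothing to an HTML parser, so the value has to be HTML-encoded where it is written into the attribute. The helper names hidden_input() and parsed_value() are hypothetical, the sample comment is constructed, and PHP's dom extension is assumed to be available.

```php
<?php
// Added example: emit a hidden field whose value survives quotes.
// hidden_input() and parsed_value() are hypothetical helpers, not thread code.

// Encode for the HTML attribute context. ENT_QUOTES converts both ' and "
// to entities, so the value cannot end the attribute whichever quote wraps it.
function hidden_input(string $name, string $value): string
{
    $n = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $v = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return "<input type=\"hidden\" name=\"$n\" value=\"$v\" />";
}

// Parse markup with an HTML parser and return the field's value as read back.
function parsed_value(string $html): ?string
{
    libxml_use_internal_errors(true);   // the "before" sample is malformed HTML
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input ? $input->getAttribute('value') : null;
}

// Constructed sample: what PHP receives for "Hi It's Enat" with Magic Quotes on.
$received = "Hi It\\'s Enat";

// Before: the slashed value echoed into a single-quoted attribute. A backslash
// is not an escape character in HTML, so the apostrophe closes the value.
$before = "<input name='c' type='hidden' value='$received' />";

// After: drop the Magic Quotes slash, then HTML-encode at the point of output.
$comment = stripslashes($received);
$after = hidden_input('c', $comment);

// Print each form of the markup and the value a parser recovers from it.
foreach (['before' => $before, 'after' => $after] as $label => $html) {
    echo $label, ': ', $html, "\n";
    echo '  parsed value: ', var_export(parsed_value($html), true), "\n";
}
```

A hidden field is still sent back by the client, so the final page has to validate the comment again rather than trust what the earlier page wrote into the form.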
