avoid user input <> to jabascript hack in sql while saving to database

Mr. Kanha December 26, 2020

//taking inpur from user
if (isset($_POST['submit'])) {
    $comment_content = $_POST['commentContent'];

    //replace input by below code
    $comment_content = str_ireplace('<','&lt',$comment_content);
    $comment_content = str_ireplace('>','&gt',$comment_content);
    

    //send data to database
    $sql  = "INSERT INTO comments (comment_content,comment_user,thread_id) VALUES 
            ('$comment_content','$userName','$threadID')";
    $ifSuccess = mysqli_query($conn,$sql);
    if($ifSuccess){
        echo 'successfully Saved to database';
    }
  }

avoid user input <> to jabascript hack in sql while saving to database

Post a Comment

0 Comments

Search This Blog

Labels

Popular Posts

Select Data From Database In JSP

Cannot modify header information - headers already sent by (output started a line error solve

Odisha Govt Link

Random Posts

Popular Posts

How to disable NetworkManager on CentOS / RHEL 7

How to Set or Change Hostname in CentOS/RHEL 7/8

Cannot validate the php file. The php program was not found

Menu Footer Widget

avoid user input <> to jabascript hack in sql while saving to database

You may like these posts

Post a Comment

0 Comments

Search This Blog

Labels

Popular Posts

Select Data From Database In JSP

Cannot modify header information - headers already sent by (output started a line error solve

Odisha Govt Link

Random Posts

Popular Posts

How to disable NetworkManager on CentOS / RHEL 7

How to Set or Change Hostname in CentOS/RHEL 7/8

Cannot validate the php file. The php program was not found

Menu Footer Widget