- Moderated by:
- Support Team
pn Var Prep For Store
-
- rank:
-
Professional
- registered:
- March 2003
- Status:
- offline
- last visit:
- 19.11.08
- Posts:
- 901
I'm expanding the pnWebLog 0.4 module, so anon users can post a comment in the guestbook [or comment on the webLog_Post, with anti-spam feature, I've added two fields
Code
pn_email varchar(60)
pn_http varchar(254)
and use
Code
'" .pnVarPrepForStore($email) . "','" .pnVarPrepForStore($http) . "',
This should be 'save' enough? If it is, then it's working perfectly...
- Igor
--
Have a nice day
zikulapro.be is currently running
Zikula 1.0.2
-
- rank:
-
Moderator
- registered:
- March 2002
- Status:
- offline
- last visit:
- 26.08.08
- Posts:
- 7720
This should be enough to prevent any attempted hacks using this code. You *may* wish to validate the input a bit futher using pnVarValidate - usage pnVarValidate($var, $type)
e.g. pnVarValidate($myvar, 'email') and pnVarValidate($myvar, 'URL').
-Mark
-
- rank:
-
Professional
- registered:
- March 2003
- Status:
- offline
- last visit:
- 19.11.08
- Posts:
- 901
Done, as suggested...
BTW
Code
if one is using pnVarValidate('$stringwhatever','email'), that doesn't work, it has to be pnVarValidate($stringwhatever,'email')
Maybe http://bjorsq.net/pnHelp/api.function.pnVarValidate.html should be updated.
Working link:
http://www.forul.be/index.php?module=WebLog&func=guestbook&uid=2
[Lay-out is not pretty... I know
]
- Igor
--
Have a nice day
zikulapro.be is currently running
Zikula 1.0.2
|
