1
yingzhao
using Xoops text sanitizer
  • 2010/2/27 1:22

  • yingzhao

  • Just popping in

  • Posts: 45

  • Since: 2008/5/12


I am developing a custom module for xoops, and need to protect it from SQL injection, script injection and so on. My site has protector installed and configured. In this case, in my own module, do I need to call text sanitizer for $_GET data? Can anyone tell me whether it is good enough to use text sanitizer only on text/textarea fields coming from form post? Thank you.

2
zyspec
Re: using Xoops text sanitizer
  • 2010/2/27 17:57

  • zyspec

  • Module Developer

  • Posts: 1095

  • Since: 2004/9/21


yingzhao,

Using the module textsanitizer functions (addslashes/stripslashes) on a POSTed text/textarea field should be sufficient for what you want. I would recommend you sanitize 'other' types of data (e.g. integers, etc.) more thoroughly than just using the module textsanitizer, so you don't end up with indexes that aren't the type (e.g. integer) you expect or that are outside of the expected range.

3
andrey3761
Re: using Xoops text sanitizer

$myts =& MyTextSanitizer::getInstance();
$data = isset($_POST['data']) ? $myts->addSlashes($_POST['data']) : '';


At the database level (make sure there is no double quoting):
$data = isset($_POST['data']) ? $myts->stripSlashes($_POST['data']) : '';
$data = $xoopsDB->quoteString($data);
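
An added example, not written by any poster in this thread and not part of XOOPS: the type and range checking recommended in post 2 for non-text values, next to the quoting shown in post 3 for free text. It assumes PHP 7.1 or later; the helpers get_int_param and get_choice_param and the table mymod_items are hypothetical names.

```php
<?php
// Added example (not XOOPS code). Assumes PHP 7.1+; the helper names and the
// mymod_items table are hypothetical.

/** Return the value as an int within [$min, $max], or null for anything else. */
function get_int_param(array $source, string $key, int $min, int $max): ?int
{
    // Request values arrive as strings, or as arrays for id[]=1; reject arrays.
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    // Unlike an (int) cast, this rejects trailing text, overflow and out-of-range values.
    $value = filter_var($source[$key], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

/** Return the value only if it is one of the allowed literals, else the default. */
function get_choice_param(array $source, string $key, array $allowed, string $default): string
{
    $value = $source[$key] ?? null;
    return (is_string($value) && in_array($value, $allowed, true)) ? $value : $default;
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['id' => '42', 'sort' => 'title'],
    ['id' => '42 OR 1=1'],            // (int) would silently turn this into 42
    ['id' => '0'],                    // below the allowed range
    ['id' => '99999999999999999999'], // does not fit in an int
    ['id' => ['1', '2']],             // array instead of a scalar
    ['id' => '7', 'sort' => 'no_such_column'],
];

foreach ($samples as $get) {
    $id   = get_int_param($get, 'id', 1, 1000000);
    $sort = get_choice_param($get, 'sort', ['title', 'created'], 'created');
    if ($id === null) {
        echo 'rejected: ', json_encode($get), "\n";
        continue;
    }
    // $id is a real int and $sort comes from a fixed list, so neither can carry
    // SQL; free text still goes through $xoopsDB->quoteString() as shown above.
    printf("SELECT title FROM mymod_items WHERE item_id = %d ORDER BY %s\n", $id, $sort);
}
```

Only the first and last samples produce a query; the last one falls back to the default sort column because its requested column is not in the allowed list.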

4
yingzhao
Re: using Xoops text sanitizer
  • 2010/2/28 1:57

  • yingzhao

  • Just popping in

  • Posts: 45

  • Since: 2008/5/12


Thank you for the thorough explanation.
