Question: Sanitisation of form data before post to DB


This topic is: resolved
  • This topic has 2 replies, 2 voices, and was last updated 7 years ago by katw.
  • #25404
    katw
    Participant

    Does QuForm sanitise data before posting to database to avoid nasty injected code?

    I know we can apply STRIPTAGS filter to fields but this is a brute force block.

    Much like this forum post area we want users to be able to use “safe” tags in the <textarea> fields.

    So they can use hyperlinks and use styling tags to express themselves better. But we don’t want injected code and nasties.

    Do you apply HTMLENTITIES() to encode textarea fields? Do you do this also on normal <INPUT> fields?

    #25460
    Ally
    Support Staff

    You don't have permission to view this content. Please log in or register and then verify your purchases to gain access.

    #25488
    katw
    Participant

    Okay thanks.

    CLOSE TICKET
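
The three treatments the opening question contrasts (strip every tag, encode everything, allow only "safe" tags), shown side by side using WordPress core functions. This is an added example, not Quform's code and not taken from the hidden support reply. It assumes it runs inside WordPress (for instance via `wp eval-file`), and the `example_*` names and the sample submission are constructed for illustration.

```php
<?php
// Added example: assumes WordPress is loaded. example_* names are hypothetical,
// they are not Quform functions or hooks.

/** Allow-list of formatting tags and links; only <a> may carry attributes. */
function example_allowed_html() {
    return array(
        'a'          => array( 'href' => true, 'title' => true ),
        'strong'     => array(),
        'em'         => array(),
        'b'          => array(),
        'i'          => array(),
        'p'          => array(),
        'br'         => array(),
        'ul'         => array(),
        'ol'         => array(),
        'li'         => array(),
        'blockquote' => array(),
    );
}

/** Filter one textarea value so it can later be displayed as HTML. */
function example_sanitise_textarea( $raw ) {
    // The third argument limits URL schemes; any other scheme is stripped from href values.
    return wp_kses( $raw, example_allowed_html(), array( 'http', 'https', 'mailto' ) );
}

// Constructed sample submission mixing wanted markup with unwanted markup.
$raw = '<p onclick="x()">Hi <strong>there</strong>, see '
     . '<a href="https://example.com" onmouseover="x()">this</a> and '
     . '<a href="javascript:x()">that</a><script>x()</script>'
     . '<img src="x" onerror="x()"></p>';

// 1. Strip every tag: safe, but the links and formatting are lost.
echo "strip all : ", wp_strip_all_tags( $raw ), "\n";

// 2. Encode everything: safe, but the tags are displayed as literal text.
echo "encode all: ", esc_html( $raw ), "\n";

// 3. Allow-list: listed tags and attributes survive; other tags, event-handler
//    attributes and disallowed URL schemes are removed.
echo "allow-list: ", example_sanitise_textarea( $raw ), "\n";

// Single-line <input> values are not expected to contain markup: treat as plain text.
echo "text field: ", sanitize_text_field( '<b>Jane</b> Doe' ), "\n";
```

HTML filtering of this kind addresses script injection when the value is displayed; SQL injection is a separate concern, handled by parameterised queries such as `$wpdb->prepare()` or `$wpdb->insert()`.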
