-1

http://pastebin.com/Jti6DWU6 <-- This is a script in which there are 3 forms and I want to prevent special chars in the first field to prevent iFrame injection... I suck at programming. Can anyone help me with this?

TheNoob
  • What kind of "special" input? What have you attempted or used till now? Why not post relevant code *here*? (The form itself isn't relevant.) – mario Dec 13 '14 at 15:30
  • By special char input I mean "<>/\ etc" to prevent XSS/iframe attacks... – TheNoob Dec 13 '14 at 15:37

2 Answers

0

Classical protection that Google could have provided you in a few seconds...

htmlspecialchars or htmlentities is the way to go.

Syscall
Benoît Latinier
0

You may use htmlspecialchars, that's what that function is for.

Check the manual.

Here's an example from the manual:

```php
<?php
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // &lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;
?>
```

Just add the string to the 1st argument of the function. The 2nd will tell the function how to handle quotes. In the example above, it will convert both double and single quotes.

Syscall
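
An added example, not code from either answer or from the linked script: it applies `htmlspecialchars` at output time to a value from the first form field, in element content and in quoted attributes, and pairs it with an allow-list check on input. The helper names `e()` and `is_plain_name()`, the field name `name` and the sample input are assumptions made for illustration.

```php
<?php
// Hypothetical helper: encode a value for HTML element content and for
// quoted attribute values. ENT_QUOTES encodes both ' and ", and
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical allow-list for the first field: letters, digits, space,
// dot, underscore and hyphen, 1 to 64 characters. Rejecting on input is
// defence in depth; encoding on output is still required.
function is_plain_name(string $value): bool
{
    return preg_match('/\A[\p{L}\p{N} ._-]{1,64}\z/u', $value) === 1;
}

// Constructed sample of what could arrive in $_POST['name'].
$submitted = '<iframe src="//example.invalid" title=\'x\'></iframe>';

// 1. Element content: the markup is shown as text, not parsed as a tag.
echo '<p>Hello, ' . e($submitted) . "</p>\n";

// 2. Double-quoted attribute: the " in the value is encoded.
echo '<input name="name" value="' . e($submitted) . "\">\n";

// 3. Single-quoted attribute: safe only because ENT_QUOTES encodes '.
echo "<input name='name' value='" . e($submitted) . "'>\n";

// ENT_COMPAT leaves single quotes as they are, so the same value could
// close a single-quoted attribute early. Compare the two encodings:
$compat = htmlspecialchars($submitted, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8');
echo "ENT_COMPAT: $compat\n";
echo 'ENT_QUOTES: ' . e($submitted) . "\n";

// Input validation for the first field.
foreach ([$submitted, 'Jean-Luc 2'] as $candidate) {
    echo is_plain_name($candidate) ? "accepted\n" : "rejected\n";
}
```

Since PHP 8.1 the default flags of `htmlspecialchars` already include `ENT_QUOTES` and `ENT_SUBSTITUTE`; passing them explicitly keeps the behaviour the same on older versions.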