-1

I am using PHP with MySQLi (improved), and I just want to know how to securely insert textarea content. My textarea content is using a text editor which has bold, italic, underline and bullet options.

What I want now is that when the content is inserted, it should preserve the above tags and also securely insert data in the database (phpMyAdmin). I am confused about sanitizing, stripping, etc.

Please guys give me a brief demo with source code to get the job done as mentioned above.

halfer
Syed Naveed
  • Too many questions without sense. Do you know, what do you want to strip? What do you want to sanitize? Do you understand against what kind of attacks you want to secure? – Gennadiy Litvinyuk Jan 18 '16 at 14:06
  • Please post your tried code – B001ᛦ Jan 18 '16 at 14:07
  • Maybe you are looking for [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) ? – Answers_Seeker Jan 18 '16 at 14:27
  • This is too broad or unclear. I'd add that a number of your questions are a bit chatty without any substance - we don't need please-help-mes and gimme-an-example-plz - we need to see the code you have written and what problem you are having with it. – halfer Nov 18 '17 at 12:40

1 Answer

1

This is arguably too broad, but there is actually a 1-2-3 solution to your question:

  1. Use HTTPS on your entire application to prevent MitM tampering. If you skip this step, you're living dangerously. Check out Let's Encrypt for free TLS certificates.
  2. Use prepared statements to prevent SQL injection. Don't bother with input sanitation.
  3. When rendering user input back to the user, use context-aware escaping to prevent XSS vulnerabilities.

Consider also reading: how to develop secure web applications in PHP and the fundamentals of web application security.

> Please guys give me a brief demo with source code to get the job done as mentioned above.

No, you're going to have to learn this and write your own code. This isn't a place for you to get people to work for you for free, it's a place to learn.

Scott Arciszewski
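Added example, not part of the answer above or written by its author: one way steps 2 and 3 fit together for rich-text input, storing the editor's HTML unchanged through a prepared statement and, on output, escaping everything before restoring only bare formatting tags. The `posts` table, its `body` column, the function names, the connection placeholders and the assumption that the editor emits attribute-less `<b>`, `<i>`, `<u>`, `<ul>`, `<ol>` and `<li>` tags are all hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed schema (hypothetical):
//   CREATE TABLE posts (id INT AUTO_INCREMENT PRIMARY KEY, body TEXT NOT NULL);
// Assumed connection (placeholders): $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors instead of failing silently

/** Store the editor's HTML exactly as submitted; the bound parameter never becomes part of the SQL text. */
function save_post(mysqli $db, string $html): int
{
    $stmt = $db->prepare('INSERT INTO posts (body) VALUES (?)');
    $stmt->bind_param('s', $html);
    $stmt->execute();
    return (int) $db->insert_id;
}

/** Fetch one stored body, again through a bound parameter. */
function load_post(mysqli $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT body FROM posts WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($body);
    return $stmt->fetch() ? $body : null;
}

/**
 * Output step for the HTML body context: escape the whole string, then turn
 * back only the exact, attribute-less formatting tags. A tag with attributes,
 * or any tag outside the allowlist, stays escaped and renders as inert text.
 */
function render_post(string $stored): string
{
    $escaped = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return preg_replace('#&lt;(/?)(b|i|u|strong|em|ul|ol|li)&gt;#i', '<$1$2>', $escaped);
}

// Constructed sample input: allowed formatting mixed with markup that must not survive as HTML.
$sample = '<b>Hi</b> <ul><li>one</li></ul><script>alert(1)</script><b onclick="x()">no</b>';
echo render_post($sample), PHP_EOL;
```

The restore step can leave an unmatched closing tag (as with the `onclick` sample), which is untidy markup but not executable; an editor that emits attributes or other elements needs a full allowlist-based HTML sanitizer instead of this regex.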