avoid hack via input fields: validation/htmlspecialchars?

Cugar 08 Jan, 2015
Hi,

How can I prevent input like <script>....</script> from being saved into the database and the site being hacked this way?

Usually, I'd convert all inputs using PHP htmlspecialchars so that displaying the db entry above won't execute a script, etc...

On top of that, it looks like the custom validation option is no longer present in V5.

Do you recommend using an event switcher instead and converting the inputs via PHP?

Other methods/options built into ChronoForms5?

Thanks
Cugar 08 Jan, 2015
OK, found the article below, which recommends using the event switcher in V5 for custom server-side validation.

http://www.chronoengine.com/faqs/70-cfv5/5212-event-switcher.html

This leaves the task to convert the input text and replace the htmlspecialchars...

Any slick code available to do this - will be appreciated.
Max_admin 09 Jan, 2015
Hi Cugar,

If you save the script tags then you should display them when you need them; how would anybody display them if you don't want to?

Regards,
Max
ChronoForms developer...
Cugar 09 Jan, 2015
Hi Bob, super FAQ!!

Really appreciated.

Cugar
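
Added example, not part of the thread and not ChronoForms code: validation that only accepts or rejects a field, with htmlspecialchars applied when the stored value is displayed rather than before it is saved. The function names is_valid_comment and e are hypothetical, the input is a constructed sample, the mbstring extension is assumed, and wiring this into a V5 event switcher is not shown.

```php
<?php
declare(strict_types=1);

// Constructed sample input, as it might arrive from a form field.
$submitted = 'Nice form <script>alert(1)</script> & "thanks"';

/** Hypothetical validator: accept or reject, never modify the value. */
function is_valid_comment(string $value, int $maxLen = 500): bool
{
    return $value !== ''
        && mb_check_encoding($value, 'UTF-8')
        && mb_strlen($value, 'UTF-8') <= $maxLen
        // No control characters other than tab, LF and CR.
        && preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $value) === 0;
}

/** Encode for an HTML text node or a quoted attribute value. */
function e(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // byte sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

if (!is_valid_comment($submitted)) {
    exit("rejected\n");
}

// 1) Keep the raw text (stand-in for the database row), encode when rendering.
$stored = $submitted;
echo '<p>' . e($stored) . "</p>\n";

// 2) Encoding before saving puts HTML entities in the row, so a template that
//    also encodes shows the entities themselves to the reader ...
$storedEncoded = e($submitted);
echo '<p>' . e($storedEncoded) . "</p>\n";

// ... and non-HTML consumers (CSV export, plain-text mail) receive entities too.
echo $storedEncoded . "\n";

// 3) htmlspecialchars() fits HTML text and quoted attributes only. For a value
//    placed inside a <script> block, emit JSON with the HEX flags instead.
echo '<script>var comment = '
    . json_encode($stored, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
    . ";</script>\n";
```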