first of all sorry for my english, i'm italian.
I ask for the security using fck.
I use it in a form of a RPG game, in character page, where the user inser the info about his rpg character.
I know that it's possibile for an user, in input forms, to insert bad code as sql injection, and caused tables drop or something bad. (like insert bad script, etc etc)
usually I write in mysql with the htmlspecialchars() function, so in database (for example) < become < ;
but with FCK i send this: $oFCKeditor = new FCKeditor('abcabcabc') ; where abcabcabc is the db field.
And in the db fields. there is the html code!! so i think is it not protect
can you solve my doubt??
Sun, 07/22/2007 - 12:45
#1
Re: fck is sure against sql injection?
sorry if I up this, but it's important for my site
Re: fck is sure against sql injection?
Also it also doesn't check against malicious html so you better check who do you allow to use the editor and properly check that they have inserted only valid html (and the meaning of valid depends on you)