I want to use FCKeditor to insert text and formatting directly into an MSSQL db, but wouldn't this be an opportunity for someone to run some malicious code, and if so, can I use something to detect and reject it if it happens?
Wed, 10/17/2007 - 12:15
#1

Re: Is it safe to insert into db?
FCKeditor is just a tool to provide a nice frontend for the user to edit HTML, but you must do your protections on the server side and be careful in the way that you code your pages.