How to remove HTML tags?


MJ
06-09-2009, 03:24 AM
Hello,

I would like to prohibit (or remove) the use of HTML tags in the form fields.

I would like to use the PHP function strip_tags, but I do not see how to do this.

For example with: strip_tags($comments);

Can you help me?

Thanks, Mj.

Ray Borduin
06-09-2009, 07:40 AM
Do you want to strip them before they are inserted to the database, or only when they are displayed? If so, find where that line is set or displayed and add the function reference as you have provided. It should be as simple as that.

MJ
06-09-2009, 10:34 AM
Hello,

Thanks for your answer. :)

In fact, I used the function on the "thankyou.php" page and in the file "contactus.php":

<?php /* strip the tags first, otherwise the <br /> inserted for the newlines is stripped as well */ echo str_replace("\n", "<br />", strip_tags($pval)); ?>

It seems to function correctly.

>> Do you want to strip them before they are inserted to the database,
1) Yes. Would it be possible to use the function to avoid SQL injection?

2) I would also like to record the email in a CSV file.
Is there a possible solution?

Thanks for your assistance.

Mick

Ray Borduin
06-09-2009, 10:48 AM
1) HTML has nothing to do with SQL injection. You don't need to add it to prevent injection... maybe cross-site scripting, but that can be handled on the display side or the database side with equal results.

2) WebAssist does not offer a solution for writing a file. This is relatively easy to do in php with a little scripting.

MJ
06-09-2009, 11:15 AM
I have a last question.

Is the form protected from email header injection?

Thanks for your patience!

Mick

Ray Borduin
06-09-2009, 11:54 AM
We have not had any recent reports of email header injection. I imagine it would be possible to create an email form that could be attacked in that way, but at the same time nobody has reported a problem.

Any time you are referring to a form post directly, you should be conscious of email injection and cross-site scripting holes opened by how you are using that form element. If anyone does find an email injection hole, please report it as soon as possible.
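An added example, not code from this thread or from WebAssist, that puts the points raised above together in PHP: tags are stripped and the remainder encoded on the display side (cross-site scripting), CR/LF is rejected in anything that ends up in a mail header (email header injection), the database insert uses a parameterised query (SQL injection, which strip_tags does not address), and the submission is appended to a CSV file with fputcsv. The field names, file path, addresses and the $pdo connection are assumptions.

```php
<?php
// Added example, not WebAssist code. Assumes a POST form with the fields
// "email", "subject" and "comments", and an existing PDO connection in $pdo.

// Display-side XSS defence: drop tags, encode what is left, then add <br />.
function safe_display(string $value): string {
    $clean = htmlspecialchars(strip_tags($value), ENT_QUOTES, 'UTF-8');
    return str_replace("\n", "<br />", $clean);
}

// Email header injection defence: a value placed in a mail header must not
// contain CR or LF, or the sender could append headers of their own.
function header_value(string $value): string {
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('Newline in header field rejected');
    }
    return $value;
}

// Record one submission in a CSV file; fputcsv handles quoting and escaping.
function append_csv(string $path, array $row): void {
    $fh = fopen($path, 'a');
    if ($fh === false) { throw new RuntimeException("Cannot open $path"); }
    flock($fh, LOCK_EX);
    fputcsv($fh, $row);
    flock($fh, LOCK_UN);
    fclose($fh);
}

$email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
if ($email === false) { die('Invalid email address'); }
$email    = header_value($email);                 // belt and braces
$subject  = header_value($_POST['subject'] ?? '');
$comments = $_POST['comments'] ?? '';             // stored as typed, encoded on display

// SQL injection is prevented by the parameterised query, not by strip_tags.
$stmt = $pdo->prepare('INSERT INTO contact (email, subject, comments) VALUES (?, ?, ?)');
$stmt->execute([$email, $subject, $comments]);

// Only validated, newline-free values reach the header block.
$headers = "From: webmaster@example.com\r\nReply-To: $email\r\n";
mail('contact@example.com', $subject, $comments, $headers);

append_csv(__DIR__ . '/submissions.csv', [date('c'), $email, $subject, $comments]);

echo safe_display($comments);
```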