
A new project abounds…

Following a shout-out from a classmate, I’ve had a look at his Flash / PHP e-mail script.

While it wasn’t too bad a prospect, it sadly didn’t work because ini_set was being used incorrectly: there was an “unexpected” encapsulated string on line 10…

Unfortunately, he had also neglected to make use of PHP’s many built-in text-editing functions, particularly those that can help quash cross-site scripting and injection attacks.

When text is passed through htmlspecialchars, the following characters are encoded:

  • Less-than and greater-than signs;
  • Ampersands (quite useful for encoding URLs, as recommended by PHP.net);
  • Single and double quote marks (as long as the correct parameter is set).

However, for a more blanketed approach, perhaps htmlentities would have been better…
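As an added example (not the classmate’s script, and not code from the original post), the snippet below shows how the quote-handling parameter changes what htmlspecialchars encodes when a submitted value is re-displayed in an attribute, and how htmlentities differs. The field name `sender`, the helper functions and the sample input are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: the field names and sample input are constructed,
// not taken from the classmate's script.

/** Encode text for an HTML body or a quoted attribute value. */
function encode_for_html(string $value): string
{
    // ENT_QUOTES covers ' and "; ENT_SUBSTITUTE swaps invalid UTF-8 for
    // U+FFFD rather than returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Re-display a submitted field inside a single-quoted value attribute. */
function render_input(string $name, string $value, int $flags): string
{
    $encoded = htmlspecialchars($value, $flags | ENT_SUBSTITUTE, 'UTF-8');
    return "<input name='" . encode_for_html($name) . "' value='" . $encoded . "'>";
}

// Constructed sample: an apostrophe, markup, an ampersand and an accented letter.
$submitted = "O'Brien <b>caf\u{00E9}</b> & \"co\"";

// The quote-handling parameter the list above refers to.
$modes = [
    'ENT_NOQUOTES' => ENT_NOQUOTES, // neither quote style encoded
    'ENT_COMPAT'   => ENT_COMPAT,   // double quotes only
    'ENT_QUOTES'   => ENT_QUOTES,   // single and double quotes
];

foreach ($modes as $label => $flags) {
    // With the first two modes the apostrophe ends the attribute early.
    printf("%-12s %s\n", $label, render_input('sender', $submitted, $flags));
}

// htmlentities additionally converts every character that has a named
// entity (the accented letter here); htmlspecialchars leaves it as UTF-8.
echo 'htmlspecialchars: ', encode_for_html($submitted), "\n";
echo 'htmlentities:     ', htmlentities($submitted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
```

Run it from the command line with `php` and compare the three `value` attributes: only the ENT_QUOTES line keeps the whole submitted string inside the attribute.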