Milierkovic
Posted October 12, 2009

I can't figure out what the last part of this contribution means, and how to install/integrate it.

Link to contribution is HERE

WHAT DO I NEED TO THINK OF?

If you for any reason want to store HTML in the database, make sure you manipulate the tep_db_input() command with the third optional parameter like the following.

This...

$example_query = tep_db_query("update myTable set column='". tep_db_input($var) ."' where this='that' limit 1;");

Becomes...

$example_query = tep_db_query("update myTable set column='". tep_db_input($var, 'db_link', true) ."' where this='that' limit 1;");

Does this mean that when I use HTML in the product descriptions that I can use this code to prevent it from XSS attacks? And how and where should I put this code (also in database.php?), or what do I need to modify to make it work on my shop?

spooks
Posted November 25, 2009

I have already given my opinion on that & the alternative here http://www.oscommerce.com/forums/index.php?showtopic=313323&pid=1456772&start=200&st=200#entry1456772 (11 Nov Post)

Changes applied to the shop side do not apply to admin.

Sam

Remember, What you think I meant may not be what I thought I meant when I said it.

Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.