Our website is currently under attack by some script kiddies who are adding HTML code to their mottos and other database tables (that they have access to), and we would like to use strip_tags to filter the HTML out of it. We use a lot of queries on our website, so I was wondering if there was a way to apply these rules to a whole document.
Some of our queries look like this:
<?php echo $users->UserInfo($username, 'motto'); ?>
While others look like:
<div class="title">'.$campaign['caption'].'</div>
A plug-in for PHP would be good too; we use Windows Server 2008 R2 SP1 with IIS.
The easiest way would be to create a wrapper object around the actual db abstraction object(s).
For example, if there is an object of type "db" that provides you some convenience functions such as "select" and "update", you could write a class that extends "db" and overrides the "select" function. It might look something like this (it's an example, as you have not provided enough info on your specific implementation).
Then you would replace your object that instantiated "db" and instead instantiate "db2".
should be replaced with
Now all your existing queries should use the new function which removes the tags.
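A sketch of the wrapper described in this answer, added here as an example and not the answerer's or the site's own code: `db2` extends a stand-in `db` class and strips tags from every string column that `select()` returns. The `db` class body, the `select()` signature, the sample rows and the `e()` output-escaping helper are assumptions made for illustration.

```php
<?php
// Hypothetical stand-in for the site's existing abstraction layer; the real
// class, its name and its select() signature are assumptions.
class db
{
    /** @return array<int, array<string, mixed>> */
    public function select(string $sql, array $params = []): array
    {
        // Constructed sample rows standing in for a real query result.
        return [
            ['username' => 'alice', 'motto' => 'Hi <script>alert(1)</script>there', 'credits' => 50],
            ['username' => 'bob', 'motto' => '<b onmouseover="x()">bold</b> & proud', 'credits' => 7],
        ];
    }
}

// Drop-in subclass: every string column coming back from select() is passed
// through strip_tags() before any page code sees it. Non-string values
// (integers, nulls) are left untouched.
class db2 extends db
{
    public function select(string $sql, array $params = []): array
    {
        $rows = parent::select($sql, $params);
        array_walk_recursive($rows, static function (&$value): void {
            if (is_string($value)) {
                $value = strip_tags($value);
            }
        });
        return $rows;
    }
}

// Output-side helper: strip_tags() does not encode quotes or ampersands, so
// values echoed into HTML (especially into attributes) still need escaping.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new db2();   // was: new db()
foreach ($db->select('SELECT username, motto, credits FROM users') as $row) {
    echo '<div class="title">' . e($row['motto']) . "</div>\n";
}
```

Because the subclass keeps the parent's method signature, existing call sites only change where the object is constructed.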