  1. #1
    Join Date
    Mar 2006
    Posts
    2

    Unanswered: Link Script - Parse, Display and Save

    Hi,

    After searching/reading secure form processing and database query topics/tutorials, I am pretty confused.

    I am working on a link archive script. It will be public, users will use it for storing links and such.

    Currently I am using base64_encode($url) for secure database query.
    The problem is with displaying and forwarding users to the desired link.

    Will htmlspecialchars(base64_decode($urlDB)) be enough for displaying URLs?

    I am using
    PHP Code:
    <frame name="main" src="<?=$url;?>" scrolling="auto">
    for link redirection in a frame. How should I process $url in the frame for security?

    Thanks

  2. #2
    Join Date
    Apr 2005
    Location
    Baltimore, MD
    Posts
    297
    Quote Originally Posted by tacnew
    Will htmlspecialchars(base64_decode($urlDB)) be enough for displaying URLs?
    If you want to display the url as text on the webpage, this should be fine. If you are trying to use the string AS a url then don't use htmlspecialchars().
    Quote Originally Posted by tacnew
    How should I process $url in the frame for security?
    Could you elaborate? What do you mean by "process"? And how is this going to affect security?

  3. #3
    Join Date
    Mar 2006
    Posts
    2
    Quote Originally Posted by jfulton
    If you want to display the url as text on the webpage, this should be fine. If you are trying to use the string AS a url then don't use htmlspecialchars().

    Could you elaborate? What do you mean by "process"? And how is this going to affect security?
    First of all thank you for your reply,

    I want to display the URL in 2 different locations for different purposes.
    The first location is the URL list. I think we solved that problem with htmlspecialchars(base64_decode($urlDB)) or htmlentities(base64_decode($urlDB)).

    The second location is for the frame:
    PHP Code:
    <frame name="main" src="<?=$url;?>" scrolling="auto">
    How should I parse $url, which is located in "frame src", for security?
    $url can contain " and mess up the frame tag.

    Thanks

  4. #4
    Join Date
    Apr 2005
    Location
    Baltimore, MD
    Posts
    297
    $url can contain " and mess up the frame tag.
    I can't imagine that is good, but then I guess you would need to use htmlentities($url, ENT_QUOTES); or something like that.
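
The frame `src` case discussed in this thread, as an added example that is not code from any of the posters: the value is used as a URL and also sits inside a quoted HTML attribute, so it needs a scheme check as well as quote escaping. The helper name `safe_frame_src()` and the sample values are constructed for illustration; it assumes PHP 7.1 or later and UTF-8 pages.

```php
<?php
// Added example, not code from the thread. safe_frame_src() is a hypothetical helper.

/**
 * Return $url escaped for use inside a double- or single-quoted HTML
 * attribute, or null when it is not an absolute http(s) URL.
 */
function safe_frame_src(string $url): ?string
{
    $url = trim($url);

    // Reject empty input and control characters (CR, LF, tab, NUL, ...).
    if ($url === '' || preg_match('/[\x00-\x1F\x7F]/', $url)) {
        return null;
    }

    // Escaping does not neutralise a scheme such as javascript:,
    // so allow-list http and https and require a host.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $host   = parse_url($url, PHP_URL_HOST);
    if (!is_string($scheme) || !is_string($host) || $host === '') {
        return null;
    }
    if (!in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }

    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values standing in for base64_decode($urlDB).
$samples = [
    'https://example.com/page?a=1&b=2',
    'http://example.com/" scrolling="no',
    'javascript:void(0)',
    'example.com/no-scheme',
];

foreach ($samples as $raw) {
    $src = safe_frame_src($raw);
    if ($src === null) {
        // Still escape the rejected value before printing it.
        echo 'rejected: ', htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'), "\n";
        continue;
    }
    echo '<frame name="main" src="', $src, '" scrolling="auto">', "\n";
}
```

The first two samples are emitted with `&` and `"` encoded as `&amp;` and `&quot;`; the last two are rejected before they reach the tag.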
