Question
Hi
I am at prototype stage with my site. I read the html purifier main page and questions about this library on this site but I am still not clear with the issue on my mind. Can you guide me please?
Thanks, BR
My Understanding:
From the docs I have read, I understood that the best I can do is:
- to use mysqli_real_escape_string while inputting untrusted data into my mysql database
- to use html purifier library while outputting data from mysql database to screen as html
My Questions
Q1) Does my understanding make sense?
Q2) Do I still need another sanitization method while inputting data into mysql or outputting from mysql to screen? I think these 2 methods are pretty enough for an amateur but can you please share your idea.
Source: https://stackoverflow.com/questions/14959707/html-purifier-library-usage-concept