Yo /prog/, I'm a big noob at PHP but I wanted to try making a blog. Anyways, long story short, my friend posted something like <script>alert(%22HOMOSITE%22)</script> when I was trying the script out :( It also has a MySQL database and I dunno if that can be screwed up too. How can I stop it from allowing HTML and stuff and whatever else would screw it up?
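For the two problems raised in this post (markup in comments being run by the browser, and the database being at risk), here is an added example that is not part of the original thread: comments are stored through prepared statements and escaped with `htmlspecialchars` when the page is rendered. It assumes PDO is available and uses an in-memory SQLite database in place of the blog's MySQL database so it runs stand-alone; the table name and the functions `open_db`, `save_comment`, `h` and `render_comments` are hypothetical.

```php
<?php
// Added example: store comments verbatim, escape them when rendering.
// Assumptions: PDO with an in-memory SQLite database stands in for the
// blog's MySQL database; table and function names are hypothetical.

function open_db(): PDO
{
    // With MySQL only the DSN changes; prepare()/execute() stay the same.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
    return $db;
}

function save_comment(PDO $db, string $author, string $body): void
{
    // Placeholders keep user input out of the SQL text, so quotes or
    // SQL keywords in a comment are stored as data, never executed.
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

function h(string $s): string
{
    // Escape & < > " ' so the browser displays markup as plain text.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comments(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT author, body FROM comments ORDER BY id') as $row) {
        // Escape at output time, for every value that came from a user.
        $html .= '<div class="comment"><b>' . h($row['author']) . '</b>: '
               . nl2br(h($row['body'])) . "</div>\n";
    }
    return $html;
}

// Constructed sample input: a script tag like the one in the question,
// and a comment that would break a query built by string concatenation.
$db = open_db();
save_comment($db, 'friend', '<script>alert("hi")</script>');
save_comment($db, "o'brien", "nice post'); DROP TABLE comments; --");

echo render_comments($db);
```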
Name: Anonymous 2008-03-19 17:33
You should know that PHP isn't very secure because it allows HTML tags in the source code. If you're using PHP for your blog it allows people to post HTML on your page. I suggest using Scheme to write your blog, because it is much more secure. The book Structure and Interpretation of Computer Programs teaches you how to write a blog using Scheme. It is very good for beginners and can be read for free at http://mitpress.mit.edu/sicp/full-text/book/book.html