Dealing with unexpected input
Since the Suggest a Website link was introduced in the Eggnchips project, a few interesting things have been observed. The biggest is the amount of HTML that people have tried to insert into the description field in order to stuff it with extra links; there have also been a few attempted SQL injections. Had these fields gone straight into the database, trouble would no doubt have ensued, and with the SQL injections the system might have been compromised.

At least there is a way around this using PHP: Removing HTML Tags from Strings and PHP: Avoiding MySQL Injections. There are also a few other tricks up our sleeves to combat this sort of activity, but more investigation and research needs to be carried out on effective mechanisms for securing input data. One possibility would be to allow only text-based input, but that could prove difficult in a multi-lingual environment.
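As an added illustration of the two techniques mentioned above (this is example code written for this post, not the Eggnchips project's own), the following PHP strips HTML tags from the description with `strip_tags`, validates the suggested URL, and sends both values to the database through a PDO prepared statement so that quotes or SQL fragments in the input are stored as plain data rather than parsed as part of the query. The table and column names, the `suggestions` schema and the sample submission are all assumptions; an in-memory SQLite database stands in for MySQL so the script runs offline. The multi-byte functions and the `u` regex flag are there so that non-Latin text survives the cleanup, which is the multi-lingual concern raised above.

```php
<?php
// Added example, not code from the original post. Table, columns and the
// sample submission are constructed for the demonstration.
declare(strict_types=1);

/**
 * Reduce a free-text description to plain text: drop every HTML tag,
 * collapse whitespace (UTF-8 aware) and enforce a length limit.
 * Escaping for display is done at output time, not here.
 */
function cleanDescription(string $raw, int $maxLength = 500): string
{
    $text = strip_tags($raw);                            // removes <a>, <script>, ... entirely
    $text = preg_replace('/\s+/u', ' ', $text) ?? '';    // 'u' keeps multi-byte characters intact
    return mb_substr(trim($text), 0, $maxLength, 'UTF-8');
}

/**
 * Accept only well-formed http(s) URLs for the suggested site.
 * Returns null when the value should be rejected.
 */
function cleanUrl(string $raw): ?string
{
    $url = filter_var(trim($raw), FILTER_VALIDATE_URL);
    if ($url === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/**
 * Store a suggestion with a prepared statement: the values travel
 * separately from the SQL text, so they can never alter the query.
 */
function storeSuggestion(PDO $db, string $url, string $description): void
{
    $stmt = $db->prepare(
        'INSERT INTO suggestions (url, description) VALUES (:url, :description)'
    );
    $stmt->execute([':url' => $url, ':description' => $description]);
}

// --- Demo with a constructed submission; SQLite in memory stands in for MySQL ---
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE suggestions (id INTEGER PRIMARY KEY, url TEXT, description TEXT)');

$submittedUrl         = 'https://example.com/';
$submittedDescription = "Great site <a href=\"http://spam.example\">cheap stuff</a>\n\n"
                      . "it's the best café";   // a quote and a non-ASCII character, both legitimate data

$url = cleanUrl($submittedUrl);
if ($url === null) {
    exit("Rejected: not a valid http(s) URL\n");
}
$description = cleanDescription($submittedDescription);   // "Great site cheap stuff it's the best café"
storeSuggestion($db, $url, $description);

// Escape only when echoing back into a page, so the database keeps the real text.
foreach ($db->query('SELECT url, description FROM suggestions') as $row) {
    echo htmlspecialchars($row['url'], ENT_QUOTES, 'UTF-8'), ' => ',
         htmlspecialchars($row['description'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Two caveats for anyone adapting this: `strip_tags` removes tags but keeps the text between them, so link spam loses its links but not its words, and it is not a full HTML sanitiser for cases where some markup must be allowed (a purifier library is the usual answer there). The prepared statement is what actually neutralises the SQL injection attempts; tag stripping on its own does nothing for that, and the two should not be confused as substitutes for one another.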