(12-18-2010 12:27 AM) Skiilz Wrote: The security one...
I think at least you need to use the htmlspecialchars for the output:
(12-07-2010 08:23 AM) ZiNgA BuRgA Wrote: Secondly, $userfields['fid8'] is never gone through htmlspecialchars
(and please don't ask what "htmlspecialchars" is - if you care, you can Google it)
So... I need to make something similar to this one?
PHP Code:
<?php
$new = htmlspecialchars("MY CODE HERE", ENT_QUOTES);
echo $new;
?>
You can access it with a function shortcut if you use the PHP In Template or Template Conditional plugin too.
You can read the first post of the PHP In Template plugin official release thread.
There is an example for that.
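
The output escaping discussed in this thread, as an added example that is not part of any post here and is not the plugin's own code. It assumes a constructed `$userfields` array (only the `fid8` key comes from the thread) and a hypothetical helper named `escape_field`.

```php
<?php
// Added example, not code from the thread. $userfields is a constructed
// stand-in for the profile-field array; 'fid8' is the key named above,
// 'fid9' is a made-up second field.
$userfields = [
    'fid8' => '<b title="x">Tom\'s "site"</b> & more', // constructed: markup and both quote types
    'fid9' => "caf\xE9",                                // constructed: invalid UTF-8 (Latin-1 byte)
];

/**
 * Hypothetical helper: encode a value for HTML element content or for a
 * quoted attribute value.
 */
function escape_field($value): string
{
    // ENT_QUOTES encodes both " and '. ENT_SUBSTITUTE swaps invalid byte
    // sequences for U+FFFD instead of returning an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ($userfields as $fid => $raw) {
    $safe = escape_field($raw);
    // Element content: tags in the value are displayed as text, not parsed.
    echo "<td>{$safe}</td>\n";
    // Quoted attribute: the encoded quotes cannot close the attribute early.
    echo "<input type=\"text\" name=\"{$fid}\" value=\"{$safe}\">\n";
}

// Escape once, at output time, and keep the raw value in storage. Passing an
// already-escaped string through the helper again double-encodes it, so the
// reader sees literal entities instead of the original characters.
$twice = escape_field(escape_field($userfields['fid8']));
echo "<td>{$twice}</td>\n";

// htmlspecialchars covers HTML text and quoted attributes only. A value
// placed in a URL, inline script or style needs that context's own encoding.
```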