Menu
I need some advise on how to do this properly.
I have an application that sells ad listings. This application will be the body of the page. I want to allow the administrator to log in and enter their own header and footer html code.
Now I can create this easy enough with a form in the administration area, and store the code in a database to retrieve when each page is opened, but I worry about sql injection and all sorts of malicious things happening by allowing the user to enter code.
So, what is the best way to handle a user entering such information to allow them to customize their pages a little?
Thanks.