Hi there,
I am a newbie to Expression Engine. I have downloaded EE Core and built my personal online portfolio and also a blogging section. Now I would like to add a comment section so that any visitor can leave a comment. I have made it work (Display and Submit), but I am concerned about SQL hack/injection.
My questions are as follows:
1. Since everyone can leave a comment on my singular page, does EE automatically filter those dangerous SQL injections, like “mysql_real_escape_string”?
2. How do I set the status of all new comments to Close/Pending and require an admin to set them to open to display?
3. How do I allow only plain text in the textarea?
Looking forward to hearing back from you!