I hope somebody can provide advice or tips before this gets closed, because I was warned that this is a subjective question.
I have my own PHP+SQL framework made out of Slim and Eloquent and am planning to integrate a forum into it, and to make it more user-friendly, I am planning to add free text editors for forum posting.
Apparently, these text editors send the HTML code via POST, and I plan to save it in a MySQL database. And since it's Eloquent, I understand it already handles prepared statements to avoid injection. But I am not sure whether that is safe enough. I was browsing phpBB and they don't have any pretty text editor to this day (or it is yet to be developed for 3.2), and I read that they are concerned about security, and I got more nervous since they are veterans there.
Can you get injected via these simple HTML codes? What other attacks can be used against my system?
Thanks!
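Added example, not code from the question or from Slim/Eloquent: Eloquent's parameter binding addresses SQL injection, but HTML that is stored and later rendered to other users is a stored-XSS question, so the post body is reduced to an allowlist of tags and attributes using PHP's built-in DOMDocument before it is saved. The tag and attribute lists and the sample input are constructed for illustration.

```php
<?php
// Constructed allowlist for forum posts: tags to keep, attributes to keep per tag,
// and elements whose text content must go too (not merely their tags).
const ALLOWED_TAGS = ['p', 'br', 'b', 'i', 'u', 'strong', 'em', 'ul', 'ol', 'li', 'blockquote', 'a'];
const ALLOWED_ATTRS = ['a' => ['href']];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function sanitizePostHtml(string $html): string
{
    $doc = new DOMDocument();
    // The XML prolog keeps UTF-8 intact; the wrapper div lets us serialize only the fragment.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NOERROR | LIBXML_NOWARNING);
    $wrapper = $doc->getElementsByTagName('body')->item(0)->firstChild;
    cleanNode($wrapper);
    $out = '';
    foreach ($wrapper->childNodes as $child) {
        $out .= $doc->saveHTML($child);   // text nodes come back entity-escaped
    }
    return $out;
}

function cleanNode(DOMNode $node): void
{
    // Copy the child list first: we remove and move nodes while walking it.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) { continue; }
        if (!($child instanceof DOMElement)) { $node->removeChild($child); continue; } // comments, PIs
        $tag = strtolower($child->tagName);
        if (in_array($tag, DROP_WITH_CONTENT, true)) { $node->removeChild($child); continue; }
        cleanNode($child);                           // clean the subtree before deciding on this element
        if (!in_array($tag, ALLOWED_TAGS, true)) {   // unknown tag: unwrap, keep its cleaned children
            while ($child->firstChild) {
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->name);
            $keep = in_array($name, ALLOWED_ATTRS[$tag] ?? [], true)
                && ($name !== 'href' || preg_match('#^https?://#i', trim($attr->value)));
            if (!$keep) {                            // drops on* handlers, style, and javascript: links
                $child->removeAttribute($attr->name);
            }
        }
    }
}

// Constructed sample input, as a rich-text editor might POST it; store/render the return value.
echo sanitizePostHtml('<p onclick="x()">Hi <script>alert(1)</script><a href="javascript:alert(1)">link</a></p>');
```

In production an actively maintained sanitizer such as HTML Purifier is the safer choice over a hand-written allowlist, and the same filter should also run on output if older unsanitized rows exist. A Content-Security-Policy header limits the impact of anything the filter misses.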