I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and receive their own URL. Without testing, I've written this part of the script to clean the input; are there major security risks?
function cleanInput($input) {
    $search = array(
        '@<script[^>]*?>.*?</script>@si', // Strip out javascript
    );
    $output = preg_replace($search, '', $input);
    return $output;
}

function sanitize($input) {
    if (is_array($input)) {
        $output = array(); // defined even when the array is empty
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
    }
    else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input = cleanInput($input);
        $output = mysql_real_escape_string($input);
    }
    return $output;
}

//Define date for entry
$date = date("Y-m-d");

//clean input
$_title = sanitize(cleanInput($_POST['title']));
$_uid = sanitize(cleanInput($_POST['uid']));
$_desc = sanitize(cleanInput($_POST['desc']));
$_content = sanitize(cleanInput($_POST['content']));

// Insert a row of information into the table with function
// (uses its own parameters; the $_ globals are not visible inside a function)
function insert($title, $uid, $desc, $date, $content) {
    mysql_query("INSERT INTO pageit
        (title, userid, `desc`, dateadded, content) VALUES('".$title."','".$uid."','".$desc."','".$date."','".$content."') ")
        or die(mysql_error());
}

// Do the insert with the cleaned data!
insert($_title, $_uid, $_desc, $date, $_content);
//Done script stuff for now..
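
An added example, not part of the original post: the post's script-tag filter applied to constructed markup that carries an event-handler attribute (the regex matches only <script> pairs, so such markup is not touched), next to a parameterized insert and output-time encoding. The in-memory SQLite database stands in for the poster's MySQL table, and insertPage, fetchPage and h are hypothetical helper names.

```php
<?php
// Added example, not the poster's code. Table and column names follow the post;
// the in-memory SQLite database and the sample inputs are constructed.
// The post's filter: removes only complete <script>...</script> pairs.
function cleanInput($input) {
    return preg_replace('@<script[^>]*?>.*?</script>@si', '', $input);
}

// Bind values through a prepared statement; data never becomes SQL text.
function insertPage(PDO $db, $title, $uid, $desc, $content) {
    $stmt = $db->prepare(
        'INSERT INTO pageit (title, userid, `desc`, dateadded, content)
         VALUES (:title, :uid, :desc, :dateadded, :content)'
    );
    $stmt->execute(array(
        ':title' => $title, ':uid' => (int) $uid, ':desc' => $desc,
        ':dateadded' => date('Y-m-d'), ':content' => $content,
    ));
    return (int) $db->lastInsertId();
}

function fetchPage(PDO $db, $id) {
    $stmt = $db->prepare('SELECT title, content FROM pageit WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Encode for the HTML context when the value is written into a page.
function h($value) {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pageit (id INTEGER PRIMARY KEY, title TEXT,
           userid INTEGER, `desc` TEXT, dateadded TEXT, content TEXT)');

// Constructed inputs: an event-handler attribute and a title containing a quote.
$markup = '<img src="x" onerror="alert(1)">';
$title  = "Bob's page";

// Check 1: does the script-tag filter change this markup at all?
var_dump(cleanInput($markup) === $markup);

// Check 2: the raw values round-trip through the database unchanged.
$row = fetchPage($db, insertPage($db, $title, 42, 'demo', $markup));
var_dump($row['title'] === $title && $row['content'] === $markup);
// Check 3: encoded output is what a template should emit for text fields.
echo h($row['title']), "\n", h($row['content']), "\n";
```

Escaping with h() suits text fields such as title and desc. Content that must render as user-supplied HTML needs an allowlist-based HTML sanitizer instead, which this example does not implement.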