I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and receive their own URL. Without testing it, I've written this part of the script to clean the input. Are there major security risks?
// Remove <script>...</script> blocks from a string
function cleanInput($input) {
    $search = array(
        '@<script[^>]*?>.*?</script>@si', // Strip out javascript
    );
    $output = preg_replace($search, '', $input);
    return $output;
}

// Clean a value (or every element of an array) and escape it for MySQL
function sanitize($input) {
    if (is_array($input)) {
        $output = array(); // defined even when $input is an empty array
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
    }
    else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input = cleanInput($input);
        $output = mysql_real_escape_string($input);
    }
    return $output;
}

//Define date for entry
$date = date("Y-m-d");

//clean input
$_title = sanitize(cleanInput($_POST['title']));
$_uid = sanitize(cleanInput($_POST['uid']));
$_desc = sanitize(cleanInput($_POST['desc']));
$_content = sanitize(cleanInput($_POST['content']));

// Insert a row of information into the table with function
// (uses its own parameters; the $_-prefixed globals are not visible in here)
function insert($title, $uid, $desc, $date, $content) {
    mysql_query("INSERT INTO pageit
        (title, userid, `desc`, dateadded, content) VALUES('".$title."','".$uid."','".$desc."','".$date."','".$content."') ")
        or die(mysql_error());
}

// Do the insert with the cleaned data!
insert($_title, $_uid, $_desc, $date, $_content);
//Done script stuff for now..
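
An added example, not part of the original post: the same insert into `pageit` written with PDO prepared statements, so the values are bound as parameters instead of being escaped and concatenated into the SQL string. It covers the database side only. It assumes the pdo_sqlite driver and uses an in-memory database with a constructed row so it runs offline; the function name `insertPage` is hypothetical.

```php
<?php
// Added example: parameterized insert into the post's `pageit` table.
// Assumption: pdo_sqlite is available; an in-memory database stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pageit (
    title TEXT, userid TEXT, "desc" TEXT, dateadded TEXT, content TEXT)');

// Hypothetical helper: values are bound, never spliced into the SQL text.
function insertPage(PDO $pdo, array $post): void {
    // Reject missing or array-valued fields instead of recursing into them.
    foreach (array('title', 'uid', 'desc', 'content') as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("missing or non-string field: $field");
        }
    }
    $stmt = $pdo->prepare(
        'INSERT INTO pageit (title, userid, "desc", dateadded, content)
         VALUES (:title, :uid, :desc, :dateadded, :content)');
    $stmt->execute(array(
        ':title'     => $post['title'],
        ':uid'       => $post['uid'],
        ':desc'      => $post['desc'],
        ':dateadded' => date('Y-m-d'),
        ':content'   => $post['content'],
    ));
}

// Constructed sample input containing quote characters.
$sample = array(
    'title'   => "Bob's page",
    'uid'     => '42',
    'desc'    => 'A "test" entry',
    'content' => "<p>It's stored byte for byte.</p>",
);
insertPage($pdo, $sample);

// The stored values are identical to the input: no escaping was applied.
$row = $pdo->query('SELECT title, content FROM pageit')->fetch(PDO::FETCH_ASSOC);
var_dump($row['title'] === $sample['title']);
var_dump($row['content'] === $sample['content']);

// Plain-text fields are encoded for the HTML context when they are printed.
echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
```

Against MySQL the same statement works with the `mysql:` PDO driver, with the `desc` column quoted in backticks as in the original query.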