I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and receive their own URL. I've, without testing, written this part of the script to clean the input; are there major security risks?
<?php
// Strip <script>...</script> blocks with a regex
function cleanInput($input) {
    $search = array(
        '@<script[^>]*?>.*?</script>@si', // Strip out javascript
    );
    $output = preg_replace($search, '', $input);
    return $output;
}

// Recursively clean and escape a value (or array of values) for a MySQL query
function sanitize($input) {
    if (is_array($input)) {
        $output = array();
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
    } else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input); // undo magic_quotes before escaping ourselves
        }
        $input  = cleanInput($input);
        $output = mysql_real_escape_string($input);
    }
    return $output;
}

// Define date for entry
$date = date("Y-m-d");

// Clean input (sanitize() already calls cleanInput(), so the outer call is redundant but harmless)
$_title   = sanitize(cleanInput($_POST['title']));
$_uid     = sanitize(cleanInput($_POST['uid']));
$_desc    = sanitize(cleanInput($_POST['desc']));
$_content = sanitize(cleanInput($_POST['content']));

// Insert a row of information into the table with function.
// Uses the parameters passed in; the global $_uid/$_desc/$_content are not in scope here.
function insert($title, $uid, $desc, $date, $content) {
    mysql_query("INSERT INTO pageit
        (title, userid, `desc`, dateadded, content)
        VALUES ('" . $title . "','" . $uid . "','" . $desc . "','" . $date . "','" . $content . "')")
        or die(mysql_error());
}

// Do the insert with the cleaned data!
insert($_title, $_uid, $_desc, $date, $_content);
// Done script stuff for now..
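The same insert done with a prepared statement and with escaping applied at output time rather than at storage time, as an added example that is not the asker's code; it assumes a PDO connection (`$pdo`, with placeholder credentials) and the `pageit` table from the script above.

```php
<?php
// Added example, not the original script: parameterized INSERT plus output escaping.
// Assumes the `pageit` table from the question and a PDO MySQL connection.

function insertPage(PDO $pdo, string $title, string $uid, string $desc, string $content): void {
    // Placeholders keep the values out of the SQL grammar, so no manual
    // escaping (mysql_real_escape_string, stripslashes) is needed here.
    $stmt = $pdo->prepare(
        'INSERT INTO pageit (title, userid, `desc`, dateadded, content)
         VALUES (:title, :uid, :desc, :date, :content)'
    );
    $stmt->execute([
        ':title'   => $title,
        ':uid'     => $uid,
        ':desc'    => $desc,
        ':date'    => date('Y-m-d'),
        ':content' => $content,
    ]);
}

// Escape a stored value for an HTML text context. The database keeps the raw
// string; escaping belongs to the place where the value is rendered.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Placeholder DSN and credentials (assumption, not from the question)
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // native server-side prepared statements
]);

insertPage(
    $pdo,
    $_POST['title']   ?? '',
    $_POST['uid']     ?? '',
    $_POST['desc']    ?? '',
    $_POST['content'] ?? ''
);

// Rendering plain-text fields: escape, never trust what was stored.
echo '<h1>' . h($_POST['title'] ?? '') . '</h1>';
echo '<p>'  . h($_POST['desc']  ?? '') . '</p>';
```

For the `content` field, where users are meant to supply their own HTML, output escaping is not an option; that field needs an allow-list HTML sanitizer (HTML Purifier is the usual PHP choice) at render time, since a blacklist regex for `<script>` only covers one form of script-bearing markup.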