I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and receive their own URL. I've, without testing, written this part of the script to clean the input; are there major security risks?
<?php
// Strip <script>...</script> blocks from a string (a blacklist filter)
function cleanInput($input) {
    $search = array(
        '@<script[^>]*?>.*?</script>@si', // Strip out javascript
    );
    $output = preg_replace($search, '', $input);
    return $output;
}

// Recursively clean and SQL-escape a value or an array of values
function sanitize($input) {
    if (is_array($input)) {
        $output = array(); // initialise so an empty array still returns an array
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
    } else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input = cleanInput($input);
        $output = mysql_real_escape_string($input);
    }
    return $output;
}

// Define date for entry
$date = date("Y-m-d");

// Clean input (sanitize() already calls cleanInput(), so the outer call repeats the strip)
$_title   = sanitize(cleanInput($_POST['title']));
$_uid     = sanitize(cleanInput($_POST['uid']));
$_desc    = sanitize(cleanInput($_POST['desc']));
$_content = sanitize(cleanInput($_POST['content']));

// Insert a row of information into the table with function
// (fixed: uses its parameters; the original had "._$title." and referenced
//  $_uid, $_desc, $_content, which are not in scope inside the function)
function insert($title, $uid, $desc, $date, $content) {
    mysql_query("INSERT INTO pageit
        (title, userid, `desc`, dateadded, content)
        VALUES ('" . $title . "', '" . $uid . "', '" . $desc . "', '" . $date . "', '" . $content . "')")
        or die(mysql_error());
}

// Do the insert with the cleaned data!
insert($_title, $_uid, $_desc, $date, $_content);
// Done script stuff for now..
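The script above escapes for SQL at input time and relies on a regex that removes script tags, which is a blacklist and not a reliable defence for user-supplied HTML. As an added example (not the poster's code, and not from any project the post describes), the following shows the two defensive changes a reviewer would ask for: a prepared statement so the database never sees the values as part of the query text, and encoding chosen at output time for the context the value is rendered in. It assumes a PDO connection in $pdo, the table and column names from the question, a numeric userid, and hypothetical length limits; those are assumptions, not facts from the post.

```php
<?php
// Added example, not the poster's code. Assumes a PDO connection in $pdo
// and the pageit table layout shown in the question.

// Read the raw submission; escaping is applied per output context later,
// not at input time.
function readPageFields(array $post) {
    $fields = array();
    foreach (array('title', 'uid', 'desc', 'content') as $name) {
        $fields[$name] = isset($post[$name]) ? (string) $post[$name] : '';
    }
    // Hypothetical validation: assumes userid is numeric and a 200-char title column.
    if (strlen($fields['title']) > 200 || !ctype_digit($fields['uid'])) {
        throw new InvalidArgumentException('invalid title or uid');
    }
    return $fields;
}

// SQL context: bound parameters are sent separately from the statement,
// so quotes or comment sequences in the values cannot alter the query.
function insertPage(PDO $pdo, array $fields) {
    $sql = 'INSERT INTO pageit (title, userid, `desc`, dateadded, content)
            VALUES (:title, :uid, :desc, :dateadded, :content)';
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array(
        ':title'     => $fields['title'],
        ':uid'       => $fields['uid'],
        ':desc'      => $fields['desc'],
        ':dateadded' => date('Y-m-d'),
        ':content'   => $fields['content'],
    ));
    return (int) $pdo->lastInsertId();
}

// HTML text context: title and description are plain text, so every
// special character is encoded when the value is written into a page.
function renderText($value) {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// HTML body context: the content field is user-supplied markup. Instead of
// deleting one tag name, keep only an allowlist of tags. strip_tags() is the
// built-in allowlist; note it leaves attributes on allowed tags untouched,
// so for anything richer than this small set use a dedicated HTML sanitizer.
function renderContent($html) {
    $allowed = '<p><br><b><i><em><strong><ul><ol><li><h1><h2><h3>';
    return strip_tags($html, $allowed);
}

// Usage (connection details are placeholders).
$pdo = new PDO('mysql:host=localhost;dbname=DB_NAME;charset=utf8mb4', 'DB_USER', 'DB_PASS');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // real server-side prepares

try {
    $fields = readPageFields($_POST);
    $id = insertPage($pdo, $fields);
    echo '<h1>' . renderText($fields['title']) . '</h1>';
    echo '<p>' . renderText($fields['desc']) . '</p>';
    echo '<div>' . renderContent($fields['content']) . '</div>';
} catch (Exception $e) {
    // Log the detail server-side; do not echo driver error text to the visitor.
    error_log($e->getMessage());
    echo 'Could not save the page.';
}
```

The design point is that the value stored in the database is the original text, and each place it is displayed decides how to encode it; mysql_real_escape_string() only protects the one SQL string it was applied to and does nothing for the HTML the page later prints.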