I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and receive their own URL. I've, without testing, written this part of the script to clean the input; are there major security risks?
// Strip <script>...</script> blocks from a string
function cleanInput($input) {
    $search = array(
        '@<script[^>]*?>.*?</script>@si', // Strip out javascript
    );
    $output = preg_replace($search, '', $input);
    return $output;
}

// Recursively undo magic quotes, strip scripts and escape for MySQL
function sanitize($input) {
    if (is_array($input)) {
        $output = array();
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
    } else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input = cleanInput($input);
        // Needs an open mysql_* connection so it can use the connection charset
        $output = mysql_real_escape_string($input);
    }
    return $output;
}

//Define date for entry
$date = date("Y-m-d");

//clean input (cleanInput runs twice per field: once here, once inside sanitize)
$_title   = sanitize(cleanInput($_POST['title']));
$_uid     = sanitize(cleanInput($_POST['uid']));
$_desc    = sanitize(cleanInput($_POST['desc']));
$_content = sanitize(cleanInput($_POST['content']));

// Insert a row of information into the table with function
// (uses the function's own parameters; the $_xxx globals are not visible in here)
function insert($title, $uid, $desc, $date, $content) {
    mysql_query("INSERT INTO pageit
        (title, userid, `desc`, dateadded, content)
        VALUES ('" . $title . "','" . $uid . "','" . $desc . "','" . $date . "','" . $content . "')")
        or die(mysql_error());
}

// Do the insert with the cleaned data!
insert($_title, $_uid, $_desc, $date, $_content);
//Done script stuff for now..
//Done script stuff for now..
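The regex in cleanInput() is a blacklist: it removes one tag shape and nothing else, and escaping for MySQL at storage time does nothing about what the browser later executes. The following is an added example, not code from the original post, that reproduces that regex against constructed payloads which carry no <script> tag yet still run JavaScript, and then shows the two controls that hold: escaping at output time with htmlspecialchars() and a prepared statement in place of the string-built INSERT. An in-memory SQLite table named pageit stands in for the MySQL table; the uid value is a placeholder, and the fact that the poster's pipeline runs the regex twice is noted in the comments.

```php
<?php
// Added example, not the original poster's code. Reproduces the poster's
// blacklist to show what it misses, then shows output escaping and a bound
// INSERT. An in-memory SQLite table stands in for the MySQL table 'pageit'.

declare(strict_types=1);

// The poster's blacklist, reproduced for comparison (one pass).
function cleanInputBlacklist(string $input): string {
    return preg_replace('@<script[^>]*?>.*?</script>@si', '', $input);
}

// Escape untrusted text for the HTML body/attribute context, at output time.
function escapeHtml(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Bound parameters replace the concatenated INSERT: the driver sends the
// values separately from the SQL text, so no quoting of user data is needed.
function insertPage(PDO $pdo, string $title, string $uid, string $desc, string $content): int {
    $stmt = $pdo->prepare(
        'INSERT INTO pageit (title, userid, `desc`, dateadded, content)
         VALUES (:title, :uid, :desc, :date, :content)'
    );
    $stmt->execute([
        ':title'   => $title,
        ':uid'     => $uid,
        ':desc'    => $desc,
        ':date'    => date('Y-m-d'),
        ':content' => $content,
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed payloads. The blacklist leaves each of these either untouched
// or, in the nested case, rewritten into a live <script> tag.
$payloads = [
    '<img src=x onerror=alert(1)>',                  // event handler, no script tag at all
    '<svg onload=alert(1)>',
    '<a href="javascript:alert(1)">click</a>',       // javascript: URL scheme
    '<scr<script></script>ipt>alert(1)</scr<script></script>ipt>', // one pass of the regex reassembles <script>alert(1)</script>; each extra pass needs one more layer of nesting
    "Robert'); DROP TABLE pageit; --",               // SQL metacharacters, inert once bound
];

foreach ($payloads as $p) {
    $after = cleanInputBlacklist($p);
    printf("blacklist: %-62s -> %s\n", $p, $after === $p ? 'unchanged' : $after);
    printf("escaped:   %s\n\n", escapeHtml($p));
}

// Store the raw text with the prepared statement and read it back: the
// SQL-looking payload lands in the table as data and the table survives.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pageit (id INTEGER PRIMARY KEY, title TEXT, userid TEXT, `desc` TEXT, dateadded TEXT, content TEXT)');

$uid = '42'; // placeholder: in a real app this comes from the authenticated session, never from $_POST
foreach ($payloads as $p) {
    insertPage($pdo, 'demo title', $uid, 'demo desc', $p);
}

$rows = $pdo->query('SELECT id, content FROM pageit ORDER BY id')->fetchAll(PDO::FETCH_ASSOC);
printf("%d rows stored, table intact\n", count($rows));
foreach ($rows as $r) {
    // Escape when rendering, not when storing, so the stored text stays exact.
    printf("<li>%s</li>\n", escapeHtml($r['content']));
}
```

Two caveats follow from the post itself. First, the script takes uid from $_POST, so any visitor can file a page under any user's id; the identity of the uploader has to come from the server-side session. Second, the feature as described lets users upload "a few bits of HTML", and escaping everything with htmlspecialchars() removes that feature; if user-authored HTML really must render, the usual options are a whitelist-based sanitizer such as HTML Purifier, or serving each user's page from a separate origin so that whatever it executes cannot reach the main site's cookies and session.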