Sufficient protection from bad input?


Posted on 16th Feb 2014 07:03 pm by admin

I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and recieve their own url.. I've without testing, wrote this part of the script to clean the input, are there major security risks?

function cleanInput($input) {
$search = array(
Did you know?Explore Trending and Topic pages for more stories like this.
'@<script[^>]*?>.*?</script>@si', // Strip out javascript
);
$output = preg_replace($search, '', $input);
return $output;
}
function sanitize($input) {
if (is_array($input)) {
foreach($input as $var=>$val) {
$output[$var] = sanitize($val);
}
}
else {
if (get_magic_quotes_gpc()) {
$input = stripslashes($input);
}
$input = cleanInput($input);
$output = mysql_real_escape_string($input);
}
return $output;
}
//Define date for entry
$date = date("Y-m-d");

//clean input
$_title = sanitize(cleaninput($_POST['title']));
$_uid = sanitize(cleaninput($_POST['uid']));
$_desc = sanitize(cleaninput($_POST['desc']));
$_content = sanitize(cleaninput($_POST['content']));

// Insert a row of information into the table with function
function insert($title, $uid, $desc, $date, $content) {
mysql_query("INSERT INTO pageit
(title, userid, `desc`, dateadded, content) VALUES('"._$title."','".$_uid."','".$_desc."','".$date."','".$_content."') ")
or die(mysql_error());
}
// Do the insert with the cleaned data!
insert($_title, $_uid, $_desc, $date, $_content);
//Done script stuff for now..

No comments posted yet

Your Answer:

Login to answer
130 Like 37 Dislike
Previous forums Next forums
Other forums

MFC GUI Programming
I am working on a project right now that requires me to create a MFC Windows GUI. Basically it need

Java API in PHP?
I have an application that we use internally here at the office.

The software company provide

List/Menu Box
On an edit page when you want something to select what a user has previously selected from the datab

get font info from a font file
hello,

Does anyone know how to get font info from a font file ... using php of course !
<

Get relative path from absolute path
How would one go about getting the relative path to a file from its absolute path?

While Problem
i am having a problem with a while statement here is the code
Code: [Select]<?php
sess

Prevention Help
How can I use PHP or any other language (feel free to move this thread) to prevent users doing scree

Having Problem with Date
l have a submit buttom where user have the possibility to add a date to specify when his message s

Anti Spam Code Problems
Ok where do i start? Probably by telling you I have very little working knowledge of PHP and that I

Running a cron job through PHP/Apache?!
Hello all,
I have a PHP script which makes a cron file from user input. When i try to run the cro

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash