Sufficient protection from bad input?


Posted on 16th Feb 2014 07:03 pm by admin

I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and receive their own URL. I've, without testing, written this part of the script to clean the input; are there major security risks?

// Strip <script>...</script> blocks from a string (blocklist regex).
function cleanInput($input) {
$search = array(
'@<script[^>]*?>.*?</script>@si', // Strip out javascript
);
$output = preg_replace($search, '', $input);
return $output;
}

// Recursively clean a value (or array of values) and escape it for MySQL.
function sanitize($input) {
if (is_array($input)) {
$output = array(); // initialise so an empty array does not yield an undefined variable
foreach($input as $var=>$val) {
$output[$var] = sanitize($val);
}
}
else {
if (get_magic_quotes_gpc()) {
$input = stripslashes($input); // undo magic_quotes before escaping ourselves
}
$input = cleanInput($input);
$output = mysql_real_escape_string($input);
}
return $output;
}
//Define date for entry
$date = date("Y-m-d");

//clean input (sanitize() already calls cleanInput(), so one call is enough)
$_title = sanitize($_POST['title']);
$_uid = sanitize($_POST['uid']);
$_desc = sanitize($_POST['desc']);
$_content = sanitize($_POST['content']);

// Insert a row of information into the table with function.
// Uses its own parameters; the original read the global $_uid/$_desc/$_content
// instead of the arguments and had a typo (_$title) in the title value.
function insert($title, $uid, $desc, $date, $content) {
mysql_query("INSERT INTO pageit
(title, userid, `desc`, dateadded, content) VALUES('".$title."','".$uid."','".$desc."','".$date."','".$content."') ")
or die(mysql_error());
}
// Do the insert with the cleaned data!
insert($_title, $_uid, $_desc, $date, $_content);
//Done script stuff for now..
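An added example, not the poster's code, of how the same insert-and-display flow looks with a prepared statement and output-time HTML escaping instead of a blocklist regex plus mysql_real_escape_string(). It assumes PHP 7.4+ with the pdo_sqlite extension and uses an in-memory SQLite database so it runs stand-alone; the table and column names follow the poster's `pageit` table.

```php
<?php
// Added example (not the poster's code). Assumes PHP 7.4+ with pdo_sqlite.

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pageit (title TEXT, userid TEXT, "desc" TEXT, dateadded TEXT, content TEXT)');
    return $db;
}

// Store the submitted values exactly as received. A prepared statement keeps
// data and SQL separate, so no stripslashes/escape pass is needed on input.
function insert_page(PDO $db, string $title, string $uid, string $desc, string $date, string $content): void {
    $stmt = $db->prepare('INSERT INTO pageit (title, userid, "desc", dateadded, content) VALUES (?, ?, ?, ?, ?)');
    $stmt->execute([$title, $uid, $desc, $date, $content]);
}

// Escape for the HTML context at output time, quotes included, so whatever
// markup was stored is shown as text rather than interpreted by the browser.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_page(PDO $db, string $uid): string {
    $stmt = $db->prepare('SELECT title, "desc", content FROM pageit WHERE userid = ?');
    $stmt->execute([$uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>No such page.</p>';
    }
    return '<h1>' . h($row['title']) . '</h1>'
         . '<p>' . h($row['desc']) . '</p>'
         . '<div>' . h($row['content']) . '</div>';
}

// Constructed sample input: quotes and tags that would break or survive the
// original escaping scheme are stored verbatim and rendered harmlessly.
$db = open_db();
insert_page($db, "Bob's page", 'u42', 'a "quoted" description', date('Y-m-d'), "<b>hi</b> & 'bye'");
echo render_page($db, 'u42'), PHP_EOL;
```

If the site is meant to allow a subset of HTML in the content, replace h() for that field with an allowlist-based sanitizer such as HTML Purifier; a regex that removes known-bad tags is not a reliable substitute.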
