Sufficient protection from bad input?


Posted on 16th Feb 2014 07:03 pm by admin

I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and recieve their own url.. I've without testing, wrote this part of the script to clean the input, are there major security risks?

function cleanInput($input) {
$search = array(
Did you know?Explore Trending and Topic pages for more stories like this.
'@<script[^>]*?>.*?</script>@si', // Strip out javascript
);
$output = preg_replace($search, '', $input);
return $output;
}
function sanitize($input) {
if (is_array($input)) {
foreach($input as $var=>$val) {
$output[$var] = sanitize($val);
}
}
else {
if (get_magic_quotes_gpc()) {
$input = stripslashes($input);
}
$input = cleanInput($input);
$output = mysql_real_escape_string($input);
}
return $output;
}
//Define date for entry
$date = date("Y-m-d");

//clean input
$_title = sanitize(cleaninput($_POST['title']));
$_uid = sanitize(cleaninput($_POST['uid']));
$_desc = sanitize(cleaninput($_POST['desc']));
$_content = sanitize(cleaninput($_POST['content']));

// Insert a row of information into the table with function
function insert($title, $uid, $desc, $date, $content) {
mysql_query("INSERT INTO pageit
(title, userid, `desc`, dateadded, content) VALUES('"._$title."','".$_uid."','".$_desc."','".$date."','".$_content."') ")
or die(mysql_error());
}
// Do the insert with the cleaned data!
insert($_title, $_uid, $_desc, $date, $_content);
//Done script stuff for now..

No comments posted yet

Your Answer:

Login to answer
130 Like 37 Dislike
Previous forums Next forums
Other forums

Echo multiple lines of html code
Hi guys,

I would like to know if there is a way to echo multiple lines of html codes.

Php - mysql store data and use it later?
Hi, i' making a login page at the moment, however my username + password is stored many different pl

Need help: how to catch acess of undefined class properties
Hello. I am learning OO with PHP and have hit a problem.
Some code runs as perfectly valid code,

php sessions,logouts & the bloomin back button!
Hi All,

I've got a cms that members can log into. When they logout, the session is destroyed,

question about n
I was looking at some of the things you could do with php and one of the things I have tried is n.<

More pug propaganda.
http://www.youtube.com/watch?v=8Kkrmubsgf8

The commercial is definitely worth watching pug aw

$variable = $variable
Hello

Sorry if this is a really simple question but I have run out of ideas. Is there a reall

PHP webpage & array print issue
I have this code running, and it works perfectly … however, see my bottom bit about what I see

Date Question
I'm using the TIMESTAMP() function within mysql to set the date/time for certain events. However, ho

Changing files over
Just thought I'd start with the new forums looking really nice .

Ok basically I've made this

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash