Sufficient protection from bad input?


Posted on 16th Feb 2014 07:03 pm by admin

I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and receive their own URL. Without testing, I've written this part of the script to clean the input; are there major security risks?

function cleanInput($input) {
    $search = array(
        '@<script[^>]*?>.*?</script>@si', // Strip out javascript
    );
    $output = preg_replace($search, '', $input);
    return $output;
}

function sanitize($input) {
    if (is_array($input)) {
        $output = array(); // initialise so an empty array does not leave $output undefined
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
    } else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input = cleanInput($input);
        $output = mysql_real_escape_string($input);
    }
    return $output;
}

//Define date for entry
$date = date("Y-m-d");

//clean input
$_title   = sanitize(cleanInput($_POST['title']));
$_uid     = sanitize(cleanInput($_POST['uid']));
$_desc    = sanitize(cleanInput($_POST['desc']));
$_content = sanitize(cleanInput($_POST['content']));

// Insert a row of information into the table with function
function insert($title, $uid, $desc, $date, $content) {
    // Use the parameters here: the $_title etc. variables above are not in scope inside the function
    mysql_query("INSERT INTO pageit
        (title, userid, `desc`, dateadded, content)
        VALUES ('" . $title . "','" . $uid . "','" . $desc . "','" . $date . "','" . $content . "')")
        or die(mysql_error());
}

// Do the insert with the cleaned data!
insert($_title, $_uid, $_desc, $date, $_content);
//Done script stuff for now..
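For comparison, a hardened version of the same insert, added here as an example and not part of the original post: it keeps the pageit table and its columns, but binds every value through a PDO prepared statement, validates the fields before storing them, and escapes for the HTML context only at output time (a regex tag blacklist cannot be relied on for that). The DSN and credentials are placeholders.

```php
<?php
// Added example, not the poster's code. DSN and credentials are placeholders;
// table and column names are the ones from the original insert.
function connect(): PDO {
    $pdo = new PDO('mysql:host=localhost;dbname=PLACEHOLDER_DB;charset=utf8mb4',
                   'PLACEHOLDER_USER', 'PLACEHOLDER_PASS');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // server-side prepares
    return $pdo;
}

// Validate shape before storing; reject anything unexpected rather than "cleaning" it.
function validate(array $post): array {
    $uid = $post['uid'] ?? '';
    if (!ctype_digit($uid)) {
        throw new InvalidArgumentException('uid must be a positive integer');
    }
    $title = trim($post['title'] ?? '');
    if ($title === '' || mb_strlen($title) > 200) {
        throw new InvalidArgumentException('title must be 1-200 characters');
    }
    return [
        'title'   => $title,
        'uid'     => (int) $uid,
        'desc'    => (string) ($post['desc'] ?? ''),
        'content' => (string) ($post['content'] ?? ''),
    ];
}

// Values are bound as parameters, so quotes in them can never change the statement.
function insertPage(PDO $pdo, array $row): void {
    $stmt = $pdo->prepare(
        'INSERT INTO pageit (title, userid, `desc`, dateadded, content)
         VALUES (:title, :uid, :desc, :dateadded, :content)'
    );
    $stmt->execute([
        ':title'     => $row['title'],
        ':uid'       => $row['uid'],
        ':desc'      => $row['desc'],
        ':dateadded' => date('Y-m-d'),
        ':content'   => $row['content'],
    ]);
}

// Escape for HTML when displaying, not when storing: the stored value stays intact
// and the escaping matches the context it is rendered into.
function renderTitle(string $title): string {
    return htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
insertPage(connect(), validate($_POST));
```

Storing the raw, validated value and encoding on output keeps one copy of the data usable in any context; if user-supplied HTML content must be rendered back as HTML, that step needs a dedicated allowlist HTML sanitizer rather than the script-tag regex.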
