Sufficient protection from bad input?


Posted on 16th Feb 2014 07:03 pm by admin

I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and recieve their own url.. I've without testing, wrote this part of the script to clean the input, are there major security risks?

function cleanInput($input) {
$search = array(
Did you know?Explore Trending and Topic pages for more stories like this.
'@<script[^>]*?>.*?</script>@si', // Strip out javascript
);
$output = preg_replace($search, '', $input);
return $output;
}
function sanitize($input) {
if (is_array($input)) {
foreach($input as $var=>$val) {
$output[$var] = sanitize($val);
}
}
else {
if (get_magic_quotes_gpc()) {
$input = stripslashes($input);
}
$input = cleanInput($input);
$output = mysql_real_escape_string($input);
}
return $output;
}
//Define date for entry
$date = date("Y-m-d");

//clean input
$_title = sanitize(cleaninput($_POST['title']));
$_uid = sanitize(cleaninput($_POST['uid']));
$_desc = sanitize(cleaninput($_POST['desc']));
$_content = sanitize(cleaninput($_POST['content']));

// Insert a row of information into the table with function
function insert($title, $uid, $desc, $date, $content) {
mysql_query("INSERT INTO pageit
(title, userid, `desc`, dateadded, content) VALUES('"._$title."','".$_uid."','".$_desc."','".$date."','".$_content."') ")
or die(mysql_error());
}
// Do the insert with the cleaned data!
insert($_title, $_uid, $_desc, $date, $_content);
//Done script stuff for now..

No comments posted yet

Your Answer:

Login to answer
130 Like 37 Dislike
Previous forums Next forums
Other forums

Preventing blank or already entered values
Im trying to learn how to place a read file line by line and prevent duplicate entries and also BLAN

constructor ?
i have written this program and made 3 constructors in the class and i want to call them in the main

Small problem with image resize script
Hi!

I am a little bit new to php and I have an issue installing an image resize script I down

Strange HTML Tag?
I recently noticed some odd HTML appear in some of the websites I host. Not all of them are run on a

Request for tunning the below query
Hi,

Can any one help me on the below query while improving the performance,

ASP.NET 2.0 - Enter Key - Default Submit Button
Hi,One of the most annoying things in developing web pages is handling the "Enter key" for form subm

Gerenate tabel in Php
I whant to generate a tabel takeing data from database like this one so the results to be display on

How to load mysql (and other) extensions into PHP
How to load mysql (and other) extensions into PHP PHP Development forum discussing coding practices,

problem in pagination when processing with selectbox form
Hi,

I have a search form, with select boxes, if am selecting the value from the form, it work

Line break?
Hi, I'm new to the forum and new to php. I'm not sure if I'm using the correct terminology so here i

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash