Sufficient protection from bad input?


Posted on 16th Feb 2014 07:03 pm by admin

I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and recieve their own url.. I've without testing, wrote this part of the script to clean the input, are there major security risks?

function cleanInput($input) {
$search = array(
Did you know?Explore Trending and Topic pages for more stories like this.
'@<script[^>]*?>.*?</script>@si', // Strip out javascript
);
$output = preg_replace($search, '', $input);
return $output;
}
function sanitize($input) {
if (is_array($input)) {
foreach($input as $var=>$val) {
$output[$var] = sanitize($val);
}
}
else {
if (get_magic_quotes_gpc()) {
$input = stripslashes($input);
}
$input = cleanInput($input);
$output = mysql_real_escape_string($input);
}
return $output;
}
//Define date for entry
$date = date("Y-m-d");

//clean input
$_title = sanitize(cleaninput($_POST['title']));
$_uid = sanitize(cleaninput($_POST['uid']));
$_desc = sanitize(cleaninput($_POST['desc']));
$_content = sanitize(cleaninput($_POST['content']));

// Insert a row of information into the table with function
function insert($title, $uid, $desc, $date, $content) {
mysql_query("INSERT INTO pageit
(title, userid, `desc`, dateadded, content) VALUES('"._$title."','".$_uid."','".$_desc."','".$date."','".$_content."') ")
or die(mysql_error());
}
// Do the insert with the cleaned data!
insert($_title, $_uid, $_desc, $date, $_content);
//Done script stuff for now..

No comments posted yet

Your Answer:

Login to answer
130 Like 37 Dislike
Previous forums Next forums
Other forums

controlling/creating accounts with privileges
hi all,
i'm trying to figure out how i can create/control account with privileges, for instance a

Select all entries from database that include a phrase
I have a database of clubs - one of the categories is meeting time and place
I would like to have

ECC6 - Single sign-on
We are in the process of upgrading to ECC 6 which will support single sign on with user passwords al

Libraries in C++
Hi all,

I have two libraries. one is based targeted on linux platform and uses another li

Images outside webroot
Im hopeing someone can help me with this because i cant figure it out.I have setup an ASP.NET websit

Image DPI
Hi.

I allow users to upload images, the user then is able to adjust several settings for the

listing help
Hi,

at first, great new design!!! I like it,

i got a problem,

I want to list so

Scheduler problems related to execution of a single BLT by many schedules
Hello all,

We are running several MII instances in a distibuted architecture using a sing

Oracle11g Patch issue
Hi all,

I'm getting the following error while installing Oracle11g Patch 11.1.0.7.0 on IBM-AI

How to ... (FAQs)
... get e-mail notifications As several people asked how to get e-mail notifications when new posti

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash