Sufficient protection from bad input?


Posted on 16th Feb 2014 07:03 pm by admin

I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and receive their own URL. I've, without testing, written this part of the script to clean the input; are there major security risks?

function cleanInput($input) {
    $search = array(
        '@<script[^>]*?>.*?</script>@si', // Strip out javascript
    );
    $output = preg_replace($search, '', $input);
    return $output;
}

function sanitize($input) {
    $output = array(); // make sure $output exists even for an empty array
    if (is_array($input)) {
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
    }
    else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input); // undo magic_quotes before escaping
        }
        $input  = cleanInput($input);
        $output = mysql_real_escape_string($input);
    }
    return $output;
}

// Define date for entry
$date = date("Y-m-d");

// Clean input
$_title   = sanitize(cleanInput($_POST['title']));
$_uid     = sanitize(cleanInput($_POST['uid']));
$_desc    = sanitize(cleanInput($_POST['desc']));
$_content = sanitize(cleanInput($_POST['content']));

// Insert a row of information into the table with function
// (uses the function parameters, not the $_ globals, which are out of scope here)
function insert($title, $uid, $desc, $date, $content) {
    mysql_query("INSERT INTO pageit
        (title, userid, `desc`, dateadded, content)
        VALUES ('" . $title . "','" . $uid . "','" . $desc . "','" . $date . "','" . $content . "')")
        or die(mysql_error());
}

// Do the insert with the cleaned data!
insert($_title, $_uid, $_desc, $date, $_content);
// Done script stuff for now..
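The two risks the post is asking about are separate: SQL injection on the INSERT, and script injection when the stored page is rendered. The code above handles the first by quoting escaped strings into the query text, and the second with a single blacklist regex that only removes <script> elements and leaves every other tag and attribute in place. The following is an added example, not the poster's code, showing the approach a reviewer would suggest instead: a PDO prepared statement, so user data is never part of the SQL text, and output encoding at render time. It assumes a PDO connection to a database holding the poster's pageit table and a constructed $post array standing in for $_POST; the connection details are placeholders.

```php
<?php
// Added example (not the original poster's code): the same insert done with
// a PDO prepared statement, plus output encoding when the page is rendered.
// Assumed: a PDO connection to a MySQL database containing the poster's
// `pageit` table. Host, database and credentials below are placeholders.

declare(strict_types=1);

/**
 * Insert one page row. The driver binds the values separately from the
 * SQL text, so no escaping or quoting of user data is needed here.
 */
function insertPage(PDO $pdo, string $title, string $uid, string $desc, string $content): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO pageit (title, userid, `desc`, dateadded, content) VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->execute([$title, $uid, $desc, date('Y-m-d'), $content]);
    return (int) $pdo->lastInsertId();
}

/**
 * Encode a stored value for insertion into an HTML text node or a
 * double-quoted attribute. Escaping belongs at output time, for the
 * context being emitted into, not at input time.
 */
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample input, the shape of what $_POST would carry.
$post = [
    'title'   => "Bob's page",          // the quote is harmless to a bound parameter
    'uid'     => '42',
    'desc'    => 'a <b>short</b> description',
    'content' => '<p>hello</p>',
];

$pdo = new PDO('mysql:host=localhost;dbname=app', 'user', 'password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // let the server bind the parameters
]);

$id = insertPage($pdo, $post['title'], $post['uid'], $post['desc'], $post['content']);

// Rendering: values that must appear as plain text are encoded for HTML.
echo '<h1>' . escapeForHtml($post['title']) . '</h1>';
echo '<p>'  . escapeForHtml($post['desc'])  . '</p>';
```

For the content field, where the poster wants to allow "a few bits of HTML", neither a regex blacklist nor htmlspecialchars is the right tool: the first cannot enumerate everything a browser will execute, and the second disables all markup. That case calls for an allowlist-based HTML sanitizer that parses the markup and keeps only known-safe elements and attributes (HTML Purifier is the usual PHP choice); strip_tags() with an allowed-tags list is not sufficient, because it keeps the attributes on the allowed tags.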
