Sufficient protection from bad input?
Posted on 16th Feb 2014 07:03 pm by admin
I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and receive their own URL. Without testing, I've written this part of the script to clean the input; are there major security risks?
function cleanInput($input) {
    $search = array(
        '@<script[^>]*?>.*?</script>@si', // Strip out javascript
    );
    $output = preg_replace($search, '', $input);
    return $output;
}

function sanitize($input) {
    if (is_array($input)) {
        $output = array();
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
    } else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input = cleanInput($input);
        $output = mysql_real_escape_string($input);
    }
    return $output;
}

// Define date for entry
$date = date("Y-m-d");

// Clean input (sanitize() already calls cleanInput(), so the outer call is redundant but harmless)
$_title   = sanitize(cleanInput($_POST['title']));
$_uid     = sanitize(cleanInput($_POST['uid']));
$_desc    = sanitize(cleanInput($_POST['desc']));
$_content = sanitize(cleanInput($_POST['content']));

// Insert a row of information into the table with function
// (uses the function parameters; the original referenced $_uid etc., which are
// out of scope inside the function, and had a typo in the $title concatenation)
function insert($title, $uid, $desc, $date, $content) {
    mysql_query("INSERT INTO pageit
        (title, userid, `desc`, dateadded, content)
        VALUES ('" . $title . "','" . $uid . "','" . $desc . "','" . $date . "','" . $content . "')")
        or die(mysql_error());
}

// Do the insert with the cleaned data!
insert($_title, $_uid, $_desc, $date, $_content);
// Done script stuff for now..
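The same insert written the way a reviewer would usually suggest, added here as an example and not the poster's code. The point it makes: escaping for SQL belongs to the database layer (bound parameters, so the values never become part of the query text), and the `<script>`-stripping regex is a denylist, which only ever removes the one construct it names. If the content must be rendered as HTML, an allow-list sanitizer keeps exactly the markup the site wants and drops everything else; fields that are plain text are escaped at output time instead. Assumptions: PDO against MySQL, the `pageit` table and column names from the post, HTML Purifier installed through Composer, placeholder database credentials, and the user's id taken from `$_SESSION['uid']` (an assumed session key) rather than from the form.

```php
<?php
// Added example, not the poster's code: prepared statement for the insert,
// allow-list sanitizing for the HTML field, escaping at output for text fields.
// Assumptions: PDO + MySQL, HTML Purifier via Composer, placeholder credentials,
// and the logged-in user's id in $_SESSION['uid'] (assumed key), never from POST.

require __DIR__ . '/vendor/autoload.php';   // provides HTMLPurifier (assumed install)
session_start();

function connectDb(): PDO {
    // Placeholder credentials; real values come from configuration.
    return new PDO(
        'mysql:host=localhost;dbname=example;charset=utf8mb4',
        'dbuser',
        'dbpass',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,   // server-side prepares
        ]
    );
}

// Reads one POST field as a string and rejects oversized or non-string values
// instead of trying to "clean" them; limits are assumed to match column sizes.
function readField(array $post, string $name, int $maxLen): string {
    $value = $post[$name] ?? '';
    if (!is_string($value) || strlen($value) > $maxLen) {
        throw new InvalidArgumentException("invalid field: $name");
    }
    return $value;
}

// Reduces user-supplied HTML to an allow-list of elements and attributes.
// Unlike the regex in the question, anything not listed here is removed.
function purifyHtml(string $dirty): string {
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', 'p,br,b,i,em,strong,ul,ol,li,a[href],img[src|alt]');
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    return (new HTMLPurifier($config))->purify($dirty);
}

// Values are bound as parameters, so they never become part of the SQL text
// and no manual escaping is needed (or wanted) here.
function insertPage(PDO $pdo, string $title, string $uid, string $desc, string $content): int {
    $stmt = $pdo->prepare(
        'INSERT INTO pageit (title, userid, `desc`, dateadded, content)
         VALUES (:title, :uid, :desc, :date, :content)'
    );
    $stmt->execute([
        ':title'   => $title,
        ':uid'     => $uid,
        ':desc'    => $desc,
        ':date'    => date('Y-m-d'),
        ':content' => $content,
    ]);
    return (int) $pdo->lastInsertId();
}

// Escapes plain-text fields for an HTML context at render time; the stored
// value stays exactly as the user typed it.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

if (empty($_SESSION['uid'])) {
    http_response_code(403);
    exit('login required');
}

$title   = readField($_POST, 'title', 200);
$desc    = readField($_POST, 'desc', 1000);
$content = purifyHtml(readField($_POST, 'content', 65535));

$id = insertPage(connectDb(), $title, (string) $_SESSION['uid'], $desc, $content);

// Render: title and description are text, so they are escaped; content has
// already been reduced to allowed markup, so it is emitted as-is.
echo '<h1>' . h($title) . '</h1>';
echo '<p>' . h($desc) . '</p>';
echo '<div class="page">' . $content . '</div>';
```

Two design choices worth noting: the user id comes from the session because a `userid` column filled from a form field lets any visitor write pages under any id, and the raw text fields are stored unmodified so the same data can later be emitted safely into a different context (JSON, an attribute, an email) with the escaping appropriate to that context.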