View Full Version : PHP Filters - EMERGENCY QUESTION

12-31-2006, 08:28 AM
I have abunch of $_GET functions, and some people are abusing it and putting in <script tags, etc... how can I add filters? to where if it gets <script , it filters then echos as "forbidden" or ".." or something of that nature.. as well as if it gets javascript: or something of that nature.

12-31-2006, 08:46 AM
Use a switch statement to handle the $_GET this way only what you want will be able to be used.

12-31-2006, 08:53 AM
how do I do switch statements? and how would i make it say if value of name is "<script" or if <script(anything else) .. turn it into "forbidden" or ".."

12-31-2006, 09:43 AM
UPDATE: Actualy.. it is a MySQL database , i forgot to tell you, and it is HTTPGETVARS instead of $_GET .... it dumps into the mysql by HTTP GET VARS... and then it calls upon the stuff in the database by going


and then doing $name and $picture to echo the stuff from the mysql row ... how will i get it to where when it dumps into the database it changes, or when it echo from the database it changes.

12-31-2006, 09:39 PM


12-31-2006, 10:17 PM
You should be using mysql_real_escape_string() to filter things being inserted into a mysql database and htmlentities() to filter anything being written to a web page.

12-31-2006, 11:03 PM
how would i go about doing to where when it dumps into the mysql database it filters? Could you please PM me with ur AIM or MSN SN so i can send u my files (dont want to give out on the forums)... Willing to pay.

12-31-2006, 11:18 PM
I sent you a pm, awaiting your reply.