View Full Version : PHP Filters - EMERGENCY QUESTION



TrainReq
12-31-2006, 08:28 AM
I have a bunch of $_GET functions, and some people are abusing it and putting in <script tags, etc... How can I add filters, to where if it gets <script , it filters then echoes as "forbidden" or ".." or something of that nature, as well as if it gets javascript: or something of that nature?

_Aerospace_Eng_
12-31-2006, 08:46 AM
Use a switch statement to handle the $_GET; this way only what you want will be able to be used.

TrainReq
12-31-2006, 08:53 AM
How do I do switch statements? And how would I make it say if value of name is "<script" or if <script(anything else) .. turn it into "forbidden" or ".."?

TrainReq
12-31-2006, 09:43 AM
UPDATE: Actually.. it is a MySQL database, I forgot to tell you, and it is HTTPGETVARS instead of $_GET .... it dumps into the mysql by HTTP GET VARS... and then it calls upon the stuff in the database by going



$Name=mysql_result($result,$i,"Name");
$Picture=mysql_result($result,$i,"picture");


and then doing $name and $picture to echo the stuff from the mysql row ... How will I get it to where when it dumps into the database it changes, or when it echoes from the database it changes?

TrainReq
12-31-2006, 09:39 PM
bump

felgall
12-31-2006, 10:17 PM
You should be using mysql_real_escape_string() to filter things being inserted into a mysql database and htmlentities() to filter anything being written to a web page.
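
The two-sided handling felgall describes, as an added example that is not code from the thread or from any poster: data is kept out of the SQL text on the way in and encoded with htmlentities() on the way out. It goes beyond the post in two places: a PDO prepared statement stands in for mysql_real_escape_string() (the mysql_* extension was removed in PHP 7.0), and a scheme allow-list covers the "javascript:" case, which entity-encoding alone does not stop. The in-memory SQLite table, the helper names (save_person, h, safe_url, render_row) and the sample rows are assumptions constructed for the example.

```php
<?php
// Added example: constructed table and rows, not the poster's schema.
// Assumes the pdo_sqlite extension so the script runs without a MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (Name TEXT, picture TEXT)');

// Input side: bound parameters keep request data out of the SQL text.
function save_person(PDO $db, string $name, string $picture): void
{
    $stmt = $db->prepare('INSERT INTO people (Name, picture) VALUES (?, ?)');
    $stmt->execute([$name, $picture]);
}

// Output side: encode for the HTML context at the moment of echo.
function h(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A value placed in src/href also needs a scheme allow-list.
function safe_url(string $url): string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '';   // anything else is rendered as an empty src
    }
    return h($url);
}

function render_row(array $row): string
{
    return '<p>' . h($row['Name']) . '</p><img src="' . safe_url($row['picture']) . '">';
}

// Constructed sample input standing in for the GET variables.
save_person($db, 'Alice', 'https://example.com/a.png');
save_person($db, '<script>alert(1)</script>', 'javascript:alert(1)');
save_person($db, "O'Brien", 'http://example.com/o.png');

foreach ($db->query('SELECT Name, picture FROM people') as $row) {
    echo render_row($row), "\n";
}
```

The stored values are unchanged in the database; the second row prints with its name as inert text and an empty src, and the apostrophe in the third row does not break the INSERT.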

TrainReq
12-31-2006, 11:03 PM
How would I go about doing to where when it dumps into the mysql database it filters? Could you please PM me with your AIM or MSN SN so I can send you my files (don't want to give out on the forums)... Willing to pay.

bubbles19518
12-31-2006, 11:18 PM
I sent you a pm, awaiting your reply.


