  1. #1
    TrainReq
    Guest

    PHP Filters - EMERGENCY QUESTION

    I have a bunch of $_GET functions, and some people are abusing it and putting in <script tags, etc... How can I add filters, so that if it gets <script, it filters and then echoes "forbidden" or ".." or something of that nature, as well as if it gets javascript: or something of that nature?

  • #2
    _Aerospace_Eng_
    Use a switch statement to handle the $_GET; this way only what you want will be able to be used.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #3
    TrainReq
    Guest
    How do I do switch statements? And how would I make it say if value of name is "<script" or if <script(anything else) .. turn it into "forbidden" or ".."
    Last edited by TrainReq; 12-31-2006 at 08:16 AM.

  • #4
    TrainReq
    Guest
    UPDATE: Actually.. it is a MySQL database, I forgot to tell you, and it is HTTPGETVARS instead of $_GET .... it dumps into the MySQL by HTTP GET VARS... and then it calls upon the stuff in the database by going

    Code:
    $Name=mysql_result($result,$i,"Name");
    $Picture=mysql_result($result,$i,"picture");
    and then doing $name and $picture to echo the stuff from the MySQL row ... How will I get it to where when it dumps into the database it changes, or when it echoes from the database it changes?

  • #5
    TrainReq
    Guest
    bump

    -

  • #6
    felgall
    You should be using mysql_real_escape_string() to filter things being inserted into a mysql database and htmlentities() to filter anything being written to a web page.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.
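
The store-then-display flow from posts #4 and #6, as an added example that is not code from the thread: bound parameters take the place of mysql_real_escape_string() (the mysql_* extension was removed in PHP 7.0), htmlentities() is applied when the row is written to the page, and the picture URL is checked against an allow-list of schemes. The `people` table, the helper names, the sample values and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example, not code from the thread. Column names follow post #4
// ("Name", "picture"); the "people" table and helper names are assumptions.

// In-memory SQLite stands in for the MySQL server so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (Name TEXT, picture TEXT)');

// Constructed sample input, standing in for the request's GET values.
$requests = [
    ['name' => "Pat O'Brien", 'picture' => 'https://example.com/pat.png'],
    ['name' => '<script>alert(1)</script>', 'picture' => 'javascript:alert(1)'],
];

// Storing: bound parameters keep the data out of the SQL text, so quotes in
// a name cannot change the query. Store the value as submitted.
$insert = $db->prepare('INSERT INTO people (Name, picture) VALUES (?, ?)');
foreach ($requests as $r) {
    $insert->execute([$r['name'], $r['picture']]);
}

// Text written into HTML: encode it so markup is displayed, not interpreted.
function html_text(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL written into src/href: allow only http(s); anything else is replaced.
function safe_image_url(string $url): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : 'about:blank';
}

// Displaying: encode at output time, whatever the database contains.
foreach ($db->query('SELECT Name, picture FROM people') as $row) {
    printf(
        "<p>%s <img src=\"%s\" alt=\"\"></p>\n",
        html_text($row['Name']),
        html_text(safe_image_url($row['picture']))
    );
}
```

The second row prints with the name as visible `&lt;script&gt;` text and the image source as `about:blank`; the first row keeps its apostrophe in the database and gets `&#039;` only in the HTML.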

  • #7
    TrainReq
    Guest
    How would I go about making it so that when it dumps into the MySQL database it filters? Could you please PM me with your AIM or MSN SN so I can send you my files (don't want to give them out on the forums)... Willing to pay.

  • #8
    Regular Coder
    I sent you a pm, awaiting your reply.
    -bubbles

