  1. #1
    New Coder
    Join Date
    Jun 2008
    Posts
    57
    Thanks
    15
    Thanked 1 Time in 1 Post

    [?] Database search form results

    I'm building a database search form and so far so good but with 1 little niggle ..the results ...

    I have a submissions page where visitors can input their own data. I use
    PHP Code:
    htmlentities(mysql_real_escape_string($foo));
    for protection but the problem is if someone (a hacker) submits an input field

    Code:
    <input type="text" value="foo">
    yes it's parsed but the results when searching come back as:

    Code:
    &lt;input type=&quot;text&quot; value=&quot;foo&quot;
    so my question is how can I filter out those results from the results page or better still not allow code like input fields to be submitted in the first place?

    please note all numbers, letters and special characters need to be allowed to be submitted
    Newbie at most things ...Hey we all gotta start somewhere right :)

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Please refer to this thread in regards of where to post these threads: This forum is JUST for sharing a completed PHP snippet. Questions go in the PHP forum
    The snippets are not for questions. Moving to the PHP forum.

    As for your question, ensure that your data input is only what you allow. You can do this with preg_match, and it looks like using filter_var with a FILTER_VALIDATE_URL will match your criteria.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
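
An added example, not part of any post in this thread: one way to apply the "only what you allow" advice above with preg_match, storing the raw value through a PDO bound parameter (swapped in here for mysql_real_escape_string) and encoding once with htmlspecialchars when a result is printed. The submissions table, the function names and the sample strings are assumptions made for the illustration.

```php
<?php
// Added example: table name, function names and sample data are hypothetical.

// True when the value contains the start of an HTML tag ("<" or "</" followed by
// a letter or "!"). A lone "<", "&" or quote is still allowed.
function containsMarkup(string $value): bool
{
    return preg_match('/<\/?[a-z!]/i', $value) === 1;
}

function saveSubmission(PDO $db, string $value): bool
{
    if ($value === '' || containsMarkup($value)) {
        return false; // refuse the submission instead of storing it
    }
    // Bound parameter: the raw value is stored, with no htmlentities() on the way in.
    $stmt = $db->prepare('INSERT INTO submissions (body) VALUES (:body)');
    return $stmt->execute([':body' => $value]);
}

function searchSubmissions(PDO $db, string $term): array
{
    $stmt = $db->prepare('SELECT body FROM submissions WHERE body LIKE :term');
    $stmt->execute([':term' => '%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function render(string $value): string
{
    // Encode exactly once, at the point the value is written into the HTML page.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:'); // in-memory database so the demo runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE submissions (body TEXT NOT NULL)');

// Constructed sample submissions.
$samples = ['Tom & Jerry: 5 < 6 "quoted"', '<input type="text" value="foo">'];
foreach ($samples as $s) {
    echo (saveSubmission($db, $s) ? 'stored:   ' : 'rejected: '), render($s), PHP_EOL;
}
foreach (searchSubmissions($db, 'Tom') as $row) {
    echo 'result:   ', render($row), PHP_EOL;
}
```

Because the stored value is the raw text, a browser showing the search results displays the original characters, with the entities appearing only in the page source.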

  • #3
    New Coder
    Join Date
    Jun 2008
    Posts
    57
    Thanks
    15
    Thanked 1 Time in 1 Post
    Sorry for posting in wrong section, I'm normally on the ball with that sort of thing as I run a forum myself ... please move to correct forum.
    Newbie at most things ...Hey we all gotta start somewhere right :)

