Nov 21, 2009

How Good Is This Data Cleaning Function?

shadowx
Hi all, this is my first function, as part of a script, and I just want to know a couple of things.

Here is the code for the function:

CODE
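<?php

// Strips slashes and tags, then HTML-encodes what is left.
function clean($dirty_string) {

    $muddy_string = stripslashes($dirty_string);

    $murky_string = strip_tags($muddy_string);

    $clean_string = htmlentities($murky_string);

    // Return the result; without this the function returns NULL.
    return $clean_string;
}

?>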


So the first thing is: how secure is it? The script this will be used in connects to a database and sends an email, so it needs to stop SQL injections and any email abuse it might cause. Also, the data stored in the database will be used as part of a HTML page, so it needs to be HTML proof, which is why I used HTMLENTITIES, and of course STRIP_TAGS gets rid of PHP and HTML, so it was a good choice, I thought.

That is all really! If it's not that secure, then are there any other built-in functions I could add?

Thanks

cooleappie
As far as I can see, it is good enough for that purpose.. If it were for a very important part which other persons may in no case enter, I would add more.. but this is enough for this..


alex7h3pr0gr4m3r
It is pretty good, I just have a couple of quick suggestions to add. First of all, why are you wasting memory on the server with all of those useless variables? Even though it's only temporarily while your page is loading. Normally for code this short it wouldn't matter, but since it's a function that will be included in other pages, the object of it is to be fast and effective. The faster and more effective it is, the better the function is.

Also I assume the reason you have htmlentities after strip_tags is to parse '<' and '>' that are not in tag format? (for example an arrow: -->). If you are doing this why do you also strip_tags? Is it important to completely eliminate tags that are in html format? Why not just keep them in there and just parse them into &gt; and &lt;?

Also, I would think that add_slashes would make it more secure than strip_slashes. This would escape out quotes, and would also escape out any backslashes that strip_slashes would remove, rendering them useless.
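
An added example, not part of any post in this thread: the three uses named in the question (database, email, HTML page) each handled at the point of use rather than by one cleaning function. The table, column and function names are hypothetical, the inputs are constructed, and it assumes PHP 7 or later with the PDO SQLite driver so that it runs without a database server.

```php
<?php
// Added example: handle each output context where the value is used.
// All names and sample inputs below are constructed for illustration.

// SQL context: a prepared statement keeps the value out of the query text.
function store_comment(PDO $db, string $name, string $comment): void {
    $stmt = $db->prepare('INSERT INTO comments (name, comment) VALUES (?, ?)');
    $stmt->execute([$name, $comment]);
}

// Email context: refuse CR/LF in anything that ends up in a header,
// so a value cannot start a new header line.
function safe_header_value(string $value): string {
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return $value;
}

// Email context: the address must also be syntactically valid.
function valid_email(string $email): string {
    $email = safe_header_value($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    return $email;
}

// HTML context: encode when printing, quotes included, explicit charset.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// --- constructed demo ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (name TEXT, comment TEXT)');

$name    = "O'Brien";                      // contains a single quote
$comment = 'x <b>bold</b> --> "quoted"';   // contains tags, an arrow, quotes
store_comment($db, $name, $comment);

// The row is stored verbatim; the quote in the name did not alter the query.
$row = $db->query('SELECT name, comment FROM comments')->fetch(PDO::FETCH_ASSOC);

// Encoding happens only here, when the value enters an HTML page.
echo '<p>', h($row['name']), ': ', h($row['comment']), "</p>\n";

// A header value carrying a line break is rejected before it reaches mail().
try {
    valid_email("user@example.com\r\nX-Test: 1");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
echo 'accepted: ', valid_email('user@example.com'), "\n";
```

Because the database keeps the original text, the same row can later be sent in a plain-text email or printed in HTML, each with the handling that context needs.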
