May 13, 2008

How Good Is This Data Cleaning Function?


shadowx
Hi all, this is my first function, as part of a script, and I just want to know a couple of things.

Here is the code for the function:

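CODE
<?php

// Strips slashes and tags from the input, then HTML-encodes what is left.
function clean($dirty_string) {

    $muddy_string = stripslashes($dirty_string);

    $murky_string = strip_tags($muddy_string);

    $clean_string = htmlentities($murky_string);

    // Hand the result back to the caller (the posted version returned nothing).
    return $clean_string;
}

?>
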

So the first thing is how secure is it? The script this will be used in connects to a database and sends an email, so it needs to stop SQL injections and any email abuse it might cause. Also, the data stored in the database will be used as part of an HTML page, so it needs to be HTML proof, which is why I used HTMLENTITIES, and of course STRIP_TAGS gets rid of PHP and HTML so was a good choice, I thought.

That is all really! If it's not that secure, then are there any other built-in functions I could add?

Thanks

 

 

 



cooleappie
As far as I can see, it is good enough for that purpose. If it were for a very important part which other persons may in no case enter, I would add more, but this is enough for this.


galexcd
It is pretty good, I just have a couple of quick suggestions to add. First of all, why are you wasting memory on the server with all of those useless variables? Even though it's temporary while your page is loading. Normally for code this short it wouldn't matter, but since it's a function that will be included in other pages, the object of it is to be fast and effective. The faster and more effective it is, the better the function is.

Also I assume the reason you have htmlentities after strip_tags is to parse '<' and '>' that are not in tag format? (for example an arrow: -->). If you are doing this why do you also strip_tags? Is it important to completely eliminate tags that are in html format? Why not just keep them in there and just parse them into &gt; and &lt;?

Also, I would think that add_slashes would make it more secure than strip_slashes. This would escape out quotes, and would also escape out any backslashes that strip_slashes would remove, rendering them useless.
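
Added example, not part of any post in this thread: the function from the question is run against one constructed input per sink the question names (SQL, mail headers, HTML), next to a handler specific to each sink. The helper names, the users table, the sample inputs and the use of PDO with in-memory SQLite are assumptions made for illustration.

```php
<?php
// Added example: helper names, table and inputs are constructed for illustration.

// The thread's clean(). ENT_COMPAT was htmlentities()'s default before PHP 8.1;
// it is passed explicitly so the result is the same on any PHP version.
function clean(string $dirty): string {
    return htmlentities(strip_tags(stripslashes($dirty)), ENT_COMPAT, 'UTF-8');
}

// SQL sink: the value travels as a bound parameter, never as query text.
function find_user(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Mail header sink: refuse CR/LF, which would start a new header line.
function header_value(string $value): string {
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return $value;
}

// HTML sink: encode when writing the page, covering both quote styles.
function html(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed data (in-memory SQLite, requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

$sql_input  = "x' OR '1'='1";
$mail_input = "a@example.com\r\nX-Extra: 1";
$html_input = 'Tom & <b>Jerry</b> say "hi"';

// SQL: clean() leaves the single quote alone, so in a concatenated query it
// ends the string literal and the OR clause is parsed as SQL.
$concat = "SELECT id, name FROM users WHERE name = '" . clean($sql_input) . "'";
printf("concatenated query rows: %d\n", count($db->query($concat)->fetchAll()));
printf("bound parameter rows:    %d\n", count(find_user($db, $sql_input)));

// Mail: none of clean()'s three steps touches CR or LF.
printf("clean() keeps the line break: %s\n",
    strpbrk(clean($mail_input), "\r\n") !== false ? 'yes' : 'no');
try {
    header_value($mail_input);
} catch (InvalidArgumentException $e) {
    printf("header_value() rejected it: %s\n", $e->getMessage());
}

// HTML: clean() deletes the markup the user typed; html() shows it as text.
printf("clean(): %s\n", clean($html_input));
printf("html():  %s\n", html($html_input));
```

Storing the raw value and applying `html()` only when the page is rendered keeps the database copy usable for the other two sinks as well.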
