Posts posted by dk4210

  1. Hello Guys,

     

    I want to be able to filter out any URL in any of my form $_POST vars. Would I do it with a foreach loop and the preg_replace function?

     

    I would consider any web address in my form spam. I would like to filter it out..

     

    I'm already using

    Strip tags, htmlentities, strip_tags, stripslashes & mysql_real_escape_string but they don't seem to filter out URLs..

     

    Thanks for your help in advance.

  2. That seems to work. But I have a question here.

    Does EXTR_PREFIX_ALL add a prefix onto the var name?

     

    If so, would it be a good idea to append a prefix and then code a check to make sure that all vars have that prefix and if they don't error out?

     

    I was even thinking of creating a table in the db of allowed vars, so that if a hacker tried to inject rogue vars, it would catch it. It's like a whitelist.

     

    What are your thoughts on that?

  3. Hey I tried this code

     

    foreach ($_POST as $key => $value) {
        $_POST[$key] = filter($value);
        print "{$key} is {$_POST[$key]}<br />";
        }
    

     

    But when I echo out vars it doesn't work. It did with the

    Like this 
    echo "<br><br><br>This is the viewname" . $ad_title;
       echo "<br><br><br>This is the price" . $price;
    

     

    It did work with this code but had the security issue

    foreach (array_keys($_POST) as $key) {
        $$key = $_POST[$key];
        $$key = filter($value);
        print "$key is ${$key}<br />";
    } 
    

     

    Please advise..

    OK, point taken, so how do I resolve it?

     

    Here is my foreach

     

       foreach ($_POST as $key=>$value) {
        $$key = $_POST[$key];
        $$key = filter($value);
        print "$key is ${$key}<br />";
    } 
    
    

     

    Here is my filter function

    function filter($data) {
        $data = trim(htmlentities(strip_tags($data)));
    
        if (get_magic_quotes_gpc())
            $data = stripslashes($data);
    
        $data = mysql_real_escape_string($data);
    
        return $data;
    }
    

     

    How would I code it to patch the gaping security hole that you are referring to?

     

    Thanks for all your help

     

    Hello guys,

     

    Just wanted to see how I could resolve this issue

     

    I have a foreach loop here that will spit out the vars.

     

    foreach (array_keys($_POST) as $key) {
        $$key = $_POST[$key];
       print "$key is ${$key}<br />";
    } 
    
       echo "<br><br><br>This is the viewname" . $viewname;
       echo "<br><br><br>This is the price" . $price;
    
    

     

     

    I am trying to run the post vars through a filter (the filter name is filter($value)) but I can't get it to work.

     

    I tried this

     

    foreach (array_keys($_POST) as $key) {
        $$key = $_POST[$key];
        $$key = filter($value);
        print "$key is ${$key}<br />";
    } 
    
       echo "<br><br><br>This is the viewname" . $viewname;
       echo "<br><br><br>This is the price" . $price;
    
    

     

    Any ideas?

     

    Thanks, Dan

    Thanks for the quick reply. The reason I want to have individual vars is that when I found out about the foreach loop I already had many vars that my function depends on.

     

    For example I have the following function

    //Add a flood control function to check to see if the title,body & member id match
    Flood_Control($ad_title,$member_id,$ad_body); 
    
    

     

    Notice that I have the vars in there. I'd hate to recode all that to this

     

    Flood_Control( $mydata['ad_title'], $mydata['memberid'], $mydata['ad_body']); 
    

     

    Seems to defeat the purpose..

     

    If I had a way to reference a $var as opposed to $mydata['$var'], that would be great.

     

    Can you please give me an example of the array_map();?

     

    "If you still want to use individual variables, you should only convert expected variables"

     

    Please explain more on that.

     

    I am going to research this ---> EXTR_PREFIX_ALL
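
An added example, not part of the posts above or of any reply in the thread: one way to keep short variable names without letting the request choose them, covering the allowlist idea in post 2, the `$$key` loop in post 4 and the EXTR_PREFIX_ALL question in post 6. The field names, the `$expected` list, `clean_field()` and `import_expected()` are assumptions made for illustration, and `$post` is a constructed stand-in for `$_POST`.

```php
<?php
// Constructed sample request. Only ad_title, ad_body and price are expected.
$post = [
    'ad_title'  => ' <b>Bike</b> for sale ',
    'ad_body'   => 'Barely used.',
    'price'     => '120',
    'is_admin'  => '1',     // rogue field added to the form by the sender
    'member_id' => '999',   // tries to overwrite a value the script set itself
];

$member_id = 42;            // set by the application, e.g. from the session

// Hypothetical allowlist: the only form fields this page accepts.
$expected = ['ad_title', 'ad_body', 'price'];

// Input-side cleanup only. SQL escaping and HTML encoding belong at the
// point of use (prepared statements, htmlspecialchars() on output).
function clean_field($value): string
{
    return is_string($value) ? trim(strip_tags($value)) : '';
}

// Walk the allowlist, not the request: keys the sender invents are never read.
function import_expected(array $source, array $expected): array
{
    $clean = [];
    foreach ($expected as $key) {
        $clean[$key] = clean_field($source[$key] ?? '');
    }
    return $clean;
}

$mydata  = import_expected($post, $expected);
$ignored = array_diff(array_keys($post), $expected);   // log or reject these

// EXTR_PREFIX_ALL creates $p_ad_title, $p_ad_body and $p_price. The array
// holds only allowlisted keys, so no other variable can be created, and the
// prefix keeps even those from colliding with $member_id and friends.
extract($mydata, EXTR_PREFIX_ALL, 'p');

echo 'title: ', $p_ad_title, "\n";
echo 'member_id is still the application value: ', $member_id, "\n";
echo 'ignored fields: ', implode(',', $ignored), "\n";
```

With the `$$key` loop from the posts, the same request would have replaced `$member_id` with 999 and created `$is_admin`.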

     

     

     

     

  7. Hello Guys,

     

    I have a question. 

     

    I have the following code to grab all of my $_POST vars and run through my filter function

     

    foreach($_POST as $key => $value) {
        $mydata[$key] = filter($value);
         }
    

     

    Before using the foreach loop I was just doing the basic

     

    $var1 = $_POST['var1'];

    $var2 = $_POST['var2'];

     

    I'm going to have about 40 - 50 $_POST vars so my question is how do i return it as just a $var name instead of having to do this

     

    echo "<br><br><br>example1" . $mydata['var1'];

    echo "<br><br><br>example2" . $mydata['var2'];

     

    I guess it's hard for me to explain.

     

    Thanks for your help!

     

     

    Hmm, still not working for me. Within the function I get a 1 (which is correct); outside the function I get nothing.

     

     

    index.php page (Echo just to test it)

    
        // Function to choose which query to use		
        what_Table($scat);
    
       $w_query = what_Table($scat);
       
       echo" This is outside the function" . $w_query;
    
    exit;	
    

     

     

    The function [echo just to test it out] 

    // Choosing cat type function. This is for different queries.
    function what_Table($scat){
    
    $ctquery = mysql_query("SELECT w_query FROM ad_category WHERE cat_status='1' AND cat_id='$scat'")
        or die(mysql_error());  
        $row = mysql_fetch_array($ctquery);
        
        // Stands for which query
        $w_query = $row['w_query'];
           
           Echo "<br>This is inside the function" . $w_query; 
    
    Here is the result..
    http://screencast.com/t/T2voSWe0zDja
    
    Thanks for all your help thus far..I just can't seem to get it working correctly..
    
    

  9. Hello Guys,

     

    I am trying to understand how to return a value from a function. I just can't get it to work.

     

    For example I have a page lets call it index.php and on this page I have a call to a function like this

    $scat = 2;
    
    // Function to choose which query to use		
        what_Table($scat,$w_query);
    
      echo "This is the w query" . $w_query;
    

     

    I have an included file called general_functions.php and on that page I have this code

    function what_Table($scat,$w_query){
    
    $ctquery = mysql_query("SELECT w_query FROM ad_category WHERE cat_status='1' AND cat_id='$scat'")
        or die(mysql_error());  
        $row = mysql_fetch_array($ctquery);
        
        // Stands for which query
        $w_query = $row['w_query'];
           
        return $w_query;
    }
    

     

    The echo $w_query does not return a value. Any help would be appreciated!

    Thanks, Dan

     

  10. Hi,

     

    I replaced it and I echo'd the two vars

     

    I still get "0" for both

     

    Here is my entire code

     

    
    $search_for_bad_words = mysql_query("SELECT * FROM badwords WHERE 1");
    
      
      $ad_title2 = $ad_title;
      $ad_body2  = $ad_body;
      //$wordlist = "shit:cr*p|dang:d*ng|shoot:sh**t";
      $seperate_text = "|";
      $entry_seperate_text = ":";
    
      while($row = mysql_fetch_array($search_for_bad_words))
      {
         $wordlist = $wordlist.$seperate_text.$row[word].$entry_seperate_text.$row[r_word];
      }
      $words = explode('|', $wordlist);
      $count = 0;
      foreach ($words as $word) {
      list($match, $replacement) = explode(':', $word);
      //$ad_title2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_title2, -1,$count);
      //$ad_body2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_body2, -1,$count);
      $ad_title2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_title2, -1, $title_rep);
    $ad_body2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_body2, -1, $body_rep);
      }
    
      echo "This is title" . $title_rep;
      echo "<br>";
      echo "This is body" . $body_rep;
    

     

    Any ideas?

     

     

  11. Hello guys.

     

    I have the following code and I would like to count the number of times that the word has been replaced.

    I tried echo count ($replacement) and echo count ($match) but both only show "1". I want to be able to tell if there has been a replacement and send a warning email and/or add a flag in the db.

     

     

    $search_for_bad_words = mysql_query("SELECT * FROM badwords WHERE 1");
    
      $ad_title2 = $ad_title;
      $ad_body2  = $ad_body;
      //$wordlist = "shit:cr*p|dang:d*ng|shoot:sh**t";
      $seperate_text = "|";
      $entry_seperate_text = ":";
    
      while($row = mysql_fetch_array($search_for_bad_words))
      {
         $wordlist = $wordlist.$seperate_text.$row[word].$entry_seperate_text.$row[r_word];
      }
      $words = explode('|', $wordlist);
      foreach ($words as $word) {
      list($match, $replacement) = explode(':', $word);
      $ad_title2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_title2);
      $ad_body2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_body2);
      }
    
      
    

     

    Thanks for all your help!
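
An added example, not part of the posts above or of any reply in the thread: counting replacements across the whole word list, as asked in posts 10 and 11. The count argument of `preg_replace()` is set afresh on every call, so inside a loop it has to be accumulated. The `censor()` function and the sample rows are assumptions; the rows are constructed and stand in for the `badwords` table.

```php
<?php
// Constructed rows standing in for SELECT word, r_word FROM badwords.
$rows = [
    ['word' => 'dang',  'r_word' => 'd*ng'],
    ['word' => 'shoot', 'r_word' => 'sh**t'],
    ['word' => 'a.b',   'r_word' => '[censored]'],  // contains a regex metacharacter
];

// Returns [filtered text, total number of replacements made].
function censor(string $text, array $rows): array
{
    $total = 0;
    foreach ($rows as $row) {
        if ($row['word'] === '') {
            continue;   // an empty pattern would match at every position
        }
        // preg_quote() makes the stored word literal, so a '.' or '/' in the
        // table cannot change the pattern. The lookarounds replace the
        // original "no letter on either side" groups.
        $pattern = '/(?<![a-z])' . preg_quote($row['word'], '/') . '(?![a-z])/i';

        // A callback keeps '$1' or '\1' inside r_word from being read as a
        // backreference in the replacement string.
        $text = preg_replace_callback(
            $pattern,
            function () use ($row) { return $row['r_word']; },
            $text,
            -1,
            $count
        );
        $total += $count;   // $count covers this word only, so add it up
    }
    return [$text, $total];
}

[$ad_title2, $title_rep] = censor('Dang, shoot! dang it', $rows);
[$ad_body2,  $body_rep]  = censor('Nothing to see, axb is fine', $rows);

echo $ad_title2, ' (', $title_rep, " replacements)\n";
echo $ad_body2,  ' (', $body_rep,  " replacements)\n";

if ($title_rep + $body_rep > 0) {
    // Flag the ad in the db or send the warning e-mail here.
}
```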

  12. Hi stawkerm0h,

     

    This whole script is a filtering script when you need to filter out specific words when you have a form with text fields and textareas.

     

    This code here basically lists the words to filter and their replacement. Like the second one. Let's say the user enters the word "dang" it will be replaced by d*ng (It's separated by the :)

    $wordlist = "sh%t:cr*p|dang:d*ng|shoot:sh**t";
    

     

    This code here does the same thing EXCEPT it queries the database for the words instead of having a static word list

    $seperate_text = "|";
    $entry_seperate_text = ":";
    
    while($row = mysql_fetch_array($search_for_bad_words))
    {
         $wordlist = $wordlist.$seperate_text.$row[word].$entry_seperate_text.$row[r_word];
    }
    

     

    Hope this helps!

  13. Hi guys,

     

    I have the following code. How can I query the database for the bad words and the replacements and make it work?

     

     $ad_title2 = $ad_title;
      $ad_body2  = $ad_body;
      $wordlist = "sh%t:cr*p|dang:d*ng|shoot:sh**t";
      $words = explode('|', $wordlist);
      foreach ($words as $word) {
      list($match, $replacement) = explode(':', $word);
      $ad_title2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_title2);
      $ad_body2 = preg_replace("/([^a-z^A-Z]?)($match)([^a-z^A-Z]?)/i", "$1".$replacement."$3", $ad_body2);
      }
    

     

    Here is my table structure

    Table name is badwords

     

    I have 3 columns

     

    id | word | r_word

     

     

    Any help would be greatly appreciated!

     

     

     

     

     

  14. Hi Brent,

     

    The difference is that

     

     

    == will return TRUE whether the two operands have the same value or not.

     

    === evaluates to TRUE if the two operands have the same value and are the same type.

     

     

    99% of the time I just use == . I've never used ===

     

  15. Hello Guys,

     

    I need some help here. I want to implement a bad word filter and am not quite sure how to do it.

     

    I am grabbing the following vars from the text fields

     

    $ad_title = filter_var($_POST['ad_title'], FILTER_SANITIZE_STRING,FILTER_FLAG_NO_ENCODE_QUOTES);

    $ad_body = filter_var($_POST['description'], FILTER_SANITIZE_STRING,FILTER_FLAG_NO_ENCODE_QUOTES);

     

    Then it's inserted into the db.

     

    I would like to run it through this function first..

     

    
    FUNCTION BadWordFilter(&$text, $replace){
    
    
         // fill this array with the bad words you want to filter and their replacements
         $bads = ARRAY (
              ARRAY("butt","b***"),
              ARRAY("poop","p***"),
              ARRAY("crap","c***")
         );
    
         IF($replace==1) {                                        //we are replacing
              $remember = $text;
    
              FOR($i=0;$i<sizeof($bads);$i++) {               //go through each bad word
                   $text = EREGI_REPLACE($bads[$i][0],$bads[$i][1],$text); //replace it
              }
    
              IF($remember!=$text) RETURN 1;                     //if there are any changes, return 1
    
         } ELSE {                                                  //we are just checking
    
              FOR($i=0;$i<sizeof($bads);$i++) {               //go through each bad word
                   IF(EREGI($bads[$i][0],$text)) RETURN 1; //if we find any, return 1
              }     
         }
    }
    
    // this will replace all bad words with their replacements. $any is 1 if it found any
    $any = BadWordFilter($wordsToFilter,1); 
    
    

     

     

    I really would also like to query a table for any words that match and then use a replacement like [censored]

     

    Any help would be greatly appreciated!

     

     

     

  16. Here is the source

     

    <div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="1">Medical Insurance</option></label></div><div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="2">Dental Insurance</option></label></div><div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="3">Life Insurance</option></label></div><div class="clearboth">test</div><div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="4">Disability Insurance</option></label></div><div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="5">Retirement / Pension Plans</option></label></div><div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="6">Company Car</option></label></div><div class="clearboth">test</div><div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="7">Company Uniform</option></label></div><div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="8">Direct deposit Payroll</option></label></div><div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="9">Gym Membership</option></label></div><div class="clearboth">test</div><div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="10">Flexible Spending Accounts</option></label></div><div class="cbwrapper"><label>

     

    Seems to be adding the clear to an empty <div>

  17. Hello Guys,

     

    I still can't get this right. Could I get a little more help?

    Here is my code

     

     

    while($r = mysql_fetch_array($result2)){
    
    echo '<div class="cbwrapper"><label><input type="checkbox" name="keys[]" value="'.$r["b_id"].'">'.$r["b_name"].'</option></label></div>';
    $i++;
    if(($i%3) == 0){
    
    echo '<div class="clearboth">test</div>';
    }
    }

     

    It does display the test every 3rd one which is cool but it won't clear:both for some reason..

     

    Any advice would be helpful..

     

    Thanks, Dan

     

     

    This is what i am trying to do - http://screencast.com/t/WpVN6a8mkQj
