stuart7398 Posted April 11, 2008 Share Posted April 11, 2008 hi. not sure where this topic belongs. i have a form for my members to update their details. however, it seems anything and any length of input can be placed and saved in the form. any help appreciated. Thanks. mysql_query("UPDATE members SET firstname='$firstname', mobile='$mobile', phone_2='$phone_2', address_1='$address_1', county='$county' , post_code='$post_code', login='$login', sec_question='$sec_question' WHERE member_id = '$SESS_MEMBER_ID'") or die("Update error: ".mysql_error()); } list($member_id, $firstname, $mobile, $phone_2, $address_1, $county, $post_code, $login, $sec_question,) = mysql_fetch_array(mysql_query("SELECT member_id, firstname, mobile, phone_2, address_1, county, post_code, login, sec_question FROM members WHERE member_id = '$SESS_MEMBER_ID'")); Print '<table style="table-layout:fixed; width:96%" class="up_account" border="0px">'; Print '<tr><td width="25%"><h3>Update Profile</h3></td><td width="25%"></td><td width="40%"></td></tr>'; Print '<tr>'; Print '<td>Membership Number: '.$member_id.'</td>'; Print '<td></td>'; Print '<td></td>'; Print '</tr>'; Print '<tr>'; Print '<td><h3>Personal Details</h3></td>'; Print '<td></td>'; Print '<td><form method="post" action=""></td>'; Print '</tr>'; Print '<tr>'; Print '<td>Name</td>'; Print '<td><input type="text" name="name" size="22" value="'.$name.'" /></td>'; Print '<td>'.$name.'</td>'; Print '</tr>'; Quote Link to comment Share on other sites More sharing options...
MiCR0 Posted April 11, 2008 Share Posted April 11, 2008 sounds like your not error checking your POST/GET etc. your need to post all of the code in order to see the problem. Quote Link to comment Share on other sites More sharing options...
stuart7398 Posted April 11, 2008 Author Share Posted April 11, 2008 <?php require('atu.php'); ?> <?php $page_title = 'once ('../head.php'); ?> <?php require_once('../nav.php'); ?> <?php require '../config.php'; require '../opendb.php'; $member_id = "$SESS_MEMBER_ID"; if(isset($_POST['save'])){ $firstname = mysql_real_escape_string($_POST['firstname']); $mobile = mysql_real_escape_string($_POST['mobile']); $phone_2 = mysql_real_escape_string($_POST['phone_2']); $address_1 = mysql_real_escape_string($_POST['address_1']); $county = mysql_real_escape_string($_POST['county']); $post_code = mysql_real_escape_string($_POST['post_code']); $login = mysql_real_escape_string($_POST['login']); $sec_question = mysql_real_escape_string($_POST['sec_question']); mysql_query("UPDATE members SET firstname='$firstname', mobile='$mobile', phone_2='$phone_2', address_1='$address_1', county='$county' , post_code='$post_code', login='$login', sec_question='$sec_question' WHERE member_id = '$SESS_MEMBER_ID'") or die("Update error: ".mysql_error()); } list($member_id, $firstname, $mobile, $phone_2, $address_1, $county, $post_code, $login, $sec_question,) = mysql_fetch_array(mysql_query("SELECT member_id, firstname, mobile, phone_2, address_1, county, post_code, login, sec_question FROM members WHERE member_id = '$SESS_MEMBER_ID'")); Print '<table style="table-layout:fixed; width:96%" class="up_account" border="0px">'; Print '<tr><td width="25%"><h3>Update Profile</h3></td><td width="25%"></td><td width="40%"></td></tr>'; Print '<tr>'; Print '<td>Membership Number: '.$member_id.'</td>'; Print '<td></td>'; Print '<td></td>'; Print '</tr>'; Print '<tr>'; Print '<td><h3>Personal Details</h3></td>'; Print '<td></td>'; Print '<td><form method="post" action=""></td>'; Print '</tr>'; Print '<tr>'; Print '<td>Name</td>'; Print '<td><input type="text" name="name" size="22" value="'.$name.'" /></td>'; Print '<td>'.$name.'</td>'; Print '</tr>'; Print '<tr>'; Print '<td>Age</td>'; Print '<td><input 
type="text" name="age" size="22" value="'.$age.'" /></td>'; Print '<td>'.$age.'</td>'; Print '</tr>'; Print '<tr>'; Print '<td>Visit My Website</td>'; Print '<td><input type="text" name="website" size="22" value="'.$website.'" /></td>'; Print '<td>'.$website.'</td>'; Print '</tr>'; Print '<td><p><input type="button" value="Save Profile" name="save" /></p></form></td>'; Print '<td><a href="http://www.abc.com/update-profile.php"/><input type="button" value="Reset Form" /></a></td>'; Print '<td></td>'; Print '</tr>'; Print '</table>'; ?> </div></div> <?php @ require_once ('tnav.php'); @ require_once ('mem_rn.php'); @ require_once ('foot.php'); ?> Quote Link to comment Share on other sites More sharing options...
MiCR0 Posted April 11, 2008 Share Posted April 11, 2008 ok looks to me like you have a bug at the top <?php $page_title = 'once ('../head.php'); ?> what is with all of the php tags when its all php? ok anyways what u want to do is length check all of the inputs like this. $length1 = strlen($firstname); if ($length1 > 15 ){ $firstname = ''; echo "ERROR first name to big"; } you also are not even checking for valid data and cross scripting. function RemoveXSS($val) { $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val); $search = 'abcdefghijklmnopqrstuvwxyz'; $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; $search .= '1234567890!@#$%^&*()'; $search .= '~`";:?+/={}[]-_|\'\\'; for ($i = 0; $i < strlen($search); $i++) { $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); $val = preg_replace('/(�{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); } $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base'); $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 
'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload'); $ra = array_merge($ra1, $ra2); $found = true; while ($found == true) { $val_before = $val; for ($i = 0; $i < sizeof($ra); $i++) { $pattern = '/'; for ($j = 0; $j < strlen($ra[$i]); $j++) { if ($j > 0) { $pattern .= '('; $pattern .= '(&#[xX]0{0,8}([9ab])'; $pattern .= '|'; $pattern .= '|(�{0,8}([9|10|13])'; $pattern .= ')*'; } $pattern .= $ra[$i][$j]; } $pattern .= '/i'; $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); $val = preg_replace($pattern, $replacement, $val); if ($val_before == $val) { $found = false; } } } return $val; } function cleanValue($_value) { $_value = stripslashes(strip_tags($_value)); $_value = str_replace(array('delete', 'DELETE', 'rm -', ' ', '!', '|', '?', '&', '=', '-', '`', "'", '"', '\\\\', '\\', '//', '/', ',', ';', ':', '*', '>', '<' ), '', $_value); return trim($_value); } using the above functions you can use them on all of your POST etc like this $firstname = mysql_real_escape_string(cleanValue(RemoveXSS($_POST['firstname']))); and Last when you do a form there basic HTML code to LOCK input length this is called maxlength as show here <td><input type="text" name="website" maxlength="50" size="22" value="'.$website.'" /></td> Quote Link to comment Share on other sites More sharing options...