docwu99 Posted April 12, 2009 Share Posted April 12, 2009 I am using a proprietary/encoded php script to process inputs into a table. My program is structured like this ... <?php require "$root/include/config.php"; ..... require "$root/include/proprietary_code.php"; ...... ?> <form action="" method="POST" onsubmit="return check(this)"> .... <?php input($_POST['email']); ?> .... <?php input($_POST['input2']); ?> .... <?php input($_POST['input3']); ?> .... <input type="submit" name="Submit" value="enter"> </form> The check(this) is javascript that checks for syntax, empty fields, etc and holds up the POST until they are correct. The proprietary code builds my table and does some input processing like removing ">","<","?", and "|", but as far as I know, does not do all the good things that are recommended, like htmlentities, or mysql_real_escape_string I would like to add further input processing. Being a php noob. If I include a php file above the required proprietary form, then it can grab the inputs first when the form is submitted? If so, than how would I pass them on to the proprietary code. The code would have to simulate another POST submittal? Any help? Quote Link to comment https://forums.phpfreaks.com/topic/153738-solved-how-can-i-process-inputs-if-i-cannot-access-main-php-script/ Share on other sites More sharing options...
Axeia Posted April 12, 2009 Share Posted April 12, 2009 You could modify the $_POST array before it reaches the proprietary code. Quote Link to comment https://forums.phpfreaks.com/topic/153738-solved-how-can-i-process-inputs-if-i-cannot-access-main-php-script/#findComment-808012 Share on other sites More sharing options...
jackpf Posted April 12, 2009 Share Posted April 12, 2009 array_map($_POST, str_replace(array('<', '>'....etc Something like that. The only problem I've found with array mapping however, is that if you're posting an array, it messes up. Quote Link to comment https://forums.phpfreaks.com/topic/153738-solved-how-can-i-process-inputs-if-i-cannot-access-main-php-script/#findComment-808108 Share on other sites More sharing options...
.josh Posted April 12, 2009 Share Posted April 12, 2009 If you have proprietary code that doesn't do something basic like mysql_real_escape_string... why use it? Sounds like it either sucks or is way out-dated. But anyways, you can have the form post to your own script, do your stuff and have the script send it to this proprietary script via curl. Quote Link to comment https://forums.phpfreaks.com/topic/153738-solved-how-can-i-process-inputs-if-i-cannot-access-main-php-script/#findComment-808133 Share on other sites More sharing options...
docwu99 Posted April 13, 2009 Author Share Posted April 13, 2009 If you have proprietary code that doesn't do something basic like mysql_real_escape_string... why use it? Sounds like it either sucks or is way out-dated. Cuz I haven't coded since 2001 and it wasn't PHP or Java. But am getting into this. Anyway, I need to understand the $_POST[] better. I found a place where the data was available in the php code. Later in the HTML code, the author rewrote the form with hidden values for all the inputs. He then redid all the POSTS in the next php module, i.e. $user_input= $_POST[user_input]; So because they were hidden, these POST entries don't show in the source code of the browser, but exist? Anyway, at that point, I opened the database to enable mysql_escape_strings(), applied htmlentities, and both functions worked. Can see the results in the database when I insert bad inputs. I feel better. Also, thanks for telling me about curl. I am going to play around with it. Hmmm, can't find the "Marked Solved" button. Quote Link to comment https://forums.phpfreaks.com/topic/153738-solved-how-can-i-process-inputs-if-i-cannot-access-main-php-script/#findComment-808442 Share on other sites More sharing options...
jackpf Posted April 13, 2009 Share Posted April 13, 2009 Hidden inputs do appear in the source code. How else would the browser send them as post data? And the solved button is on the bottom left Quote Link to comment https://forums.phpfreaks.com/topic/153738-solved-how-can-i-process-inputs-if-i-cannot-access-main-php-script/#findComment-808550 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.