Jump to content

Recommended Posts

I've just finished a little project which I started in order to help me understand PHP & MySQL better. It's been a steep learning curve, but I feel now that I have grasped the basics. So with this in mind, please feel free to comment on my efforts.

 

T.P.Org.Uk - Tractor Pulling Database

 

 

Link to comment
https://forums.phpfreaks.com/topic/175274-tractor-pulling-database/
Share on other sites

Be sure to santitize the input to any form before using in code. Put the following into your search field and see what happens (won't do any damage):

// put this into your search box
<script language="javascript">alert('xss attack');</script>

Be sure to santitize the input to any form before using in code. Put the following into your search field and see what happens (won't do any damage):

// put this into your search box
<script language="javascript">alert('xss attack');</script>

 

Thanks for your input Neil, but how do I 'sanitize' the input?  It's not an area I am familiar with.  If you could point me in the right direction, I would be most grateful.

 

 

Data from a form post or url parameters is held in the $_POST or $_GET array (in the case of a form decided by the form method <form method="post>)

You should clean this data prior to placing in any function or database query. Some simple functions:

 

<?php
// data from form is in post array
$searchString = $_POST['searchterm'];
// check that the value is not balnk
if(strlen(trim($searchString))) {
// remove any injected html
$searchString = strip_tags(trim($searchString));
// perform search query and escape variable
$result = mysql_query("SELECT * FROM tablename WHERE x LIKE '".mysql_real_escape_string($searchString)."%'");
print "Your search for: ".$searchString." returned ".mysql_num_rows($searchString)." results"; 
}
else {
print "Please enter a valid search term";
}
?>

  • 2 weeks later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.