Security Time :) would this work?

Demonic · September 17, 2006

[code]
<?php
function no_injection($string){
if(!htmlspecialchars($string)){
$string = htmlspecialchars($string);
}
return $string;
}
?>
[/code]

would this work in any way?

wildteen88 · September 17, 2006

This bit makes not sense:
[code]if(!htmlspecialchars($string)){
$string = htmlspecialchars($string);
}[/code]
How will PHP know you have ran htmlspecialchars? Also this bit of code [code=php:0]$string = htmlspecialchars($string);[/code] will never be run, as PHP will run htmlspecialchars on the string being passed to the function in this bit of code:
[code=php:0]if(!htmlspecialchars($string)){[/code]. So yout function is abit of a waste.

Demonic · September 17, 2006

[code]
<?php
function no_injection($string){
$string = htmlspecialchars($string);

return $string;
}
?>
[/code]

Keep it simple and short?

onlyican · September 17, 2006

For making things secure I do the following
[code]
<?php
function MakeSafe($str, $make_lower = false){
if($make_lower){
$str = strtolower($str);
}
$str = stripslashes($str);
$str = trim($str);
$str = strip_tags($str);
$str = mysql_real_escape_string($str);
return $str;
}

//This will make string safe, and lower case (for usernames ect)
$username = MakeSafe($_POST["username"], 1);

//This will make string safe, keeping case, (For names ect)
$name = MakeSafe($_POST["name"]);
[/code]
Note that the 1 (or any value, true, a, lowecase) is what makes it lowercase

redarrow · September 17, 2006

i don think htmlspecialchars can do all the strings called $strings as what you want i think they all gotto be set sepratly.

good luck.

[code]
<?php
$name="redarrow";
function name($name){
$name = htmlspecialchars($name);
)

function name($name);
?>
[/code]

Demonic · September 17, 2006

Nice Tips people thanks a bunch any more keep em coming.

redarrow · September 17, 2006

onlyican
Nice example try that my self cheers.

onlyican · September 17, 2006

If theres anything I missed there, let me know
but I think My example covers everything,
and I added the strtolower for username and passwords
Make it easier

redarrow · September 17, 2006

is this the corect way to get the function to work on a diffrent page cheers.

functions.php
[code]
<?php
function MakeSafe($str, $make_lower = false){
if($make_lower){
$str = strtolower($str);
}
$str = stripslashes($str);
$str = trim($str);
$str = strip_tags($str);
$str = mysql_real_escape_string($str);
}
?>
[/code]

test.php
[code]
<?php
include("functions.php");

function MakeSafe($str, $make_lower = false);

$username = MakeSafe($_POST["username"], 1);

//This will make string safe, keeping case, (For names ect)
$name = MakeSafe($_POST["name"]);

?>
[/code]

Demonic · September 17, 2006

no
[code]
<?php
include("functions.php");

$username = MakeSafe($_POST["username"], 1);
//This will make string safe, keeping case, (For names ect)
$name = MakeSafe($_POST["name"]);

?>
[/code]

All you have to do.

redarrow · September 17, 2006

ok that becouse the function is being called witin the varables 4username and $name.

get it.

cheers.

onlyican · September 17, 2006

That has created a function
a function just like the things inside it
mysql_real_escape_string is a function
strtolower is a function

as long as its on the same page, it works
and using include or require puts it on the same page

Sign In

Security Time :) would this work?

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information