Security Time :) would this work?


Demonic

This bit makes no sense:
[code]if(!htmlspecialchars($string)){
    $string = htmlspecialchars($string);
}[/code]
How will PHP know you have run htmlspecialchars? Also, this bit of code [code=php:0]$string = htmlspecialchars($string);[/code] will never be run, as PHP will run htmlspecialchars on the string being passed to the function in this bit of code:
[code=php:0]if(!htmlspecialchars($string)){[/code]. So your function is a bit of a waste.


For making things secure I do the following
[code]
<?php
// Needs an open ext/mysql connection for mysql_real_escape_string().
function MakeSafe($str, $make_lower = false){
    if($make_lower){
        $str = strtolower($str);
    }
    $str = stripslashes($str);             // undo backslash quoting
    $str = trim($str);                     // strip leading/trailing whitespace
    $str = strip_tags($str);               // remove HTML and PHP tags
    $str = mysql_real_escape_string($str); // escape for a quoted SQL string
    return $str;
}

// This will make the string safe and lower case (for usernames etc.)
$username = MakeSafe($_POST["username"], 1);

// This will make the string safe, keeping case (for names etc.)
$name = MakeSafe($_POST["name"]);
[/code]
Note that the 1 (or any value: true, a, lowercase) is what makes it lowercase.

Is this the correct way to get the function to work on a different page? Cheers.

functions.php
[code]
<?php
function MakeSafe($str, $make_lower = false){
    if($make_lower){
        $str = strtolower($str);
    }
    $str = stripslashes($str);
    $str = trim($str);
    $str = strip_tags($str);
    $str = mysql_real_escape_string($str);
    return $str; // hand the cleaned value back to the caller
}
?>
[/code]

test.php
[code]
<?php
// functions.php defines MakeSafe(); including it is enough to call it here
include("functions.php");

// This will make the string safe and lower case (for usernames etc.)
$username = MakeSafe($_POST["username"], 1);

// This will make the string safe, keeping case (for names etc.)
$name = MakeSafe($_POST["name"]);

?>
[/code]
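An added example, not part of any post in this thread: it treats the thread's two concerns (SQL escaping and HTML escaping) separately, binding values into SQL with a PDO prepared statement and applying htmlspecialchars only when a value is printed into HTML. It assumes PHP 7.1+ with the pdo_sqlite extension; the users table, the function names and the sample form values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. These helpers could live in an
// included file such as functions.php; each one returns its result.

// Escape for HTML only at the point where the value is printed.
function html_out(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Tidy a username for storage and lookup; this is normalisation,
// not a security control.
function normalise_username(string $raw): string {
    return strtolower(trim($raw));
}

// Prepared statement: values are bound as data, so no manual SQL
// escaping is applied and the stored text is left unmodified.
function save_user(PDO $db, string $username, string $name): void {
    $stmt = $db->prepare('INSERT INTO users (username, name) VALUES (:u, :n)');
    $stmt->execute([':u' => $username, ':n' => $name]);
}

// Returns the stored name, or null when the username is unknown.
function find_name(PDO $db, string $username): ?string {
    $stmt = $db->prepare('SELECT name FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// In-memory SQLite database so the example runs offline (assumption:
// the thread itself used MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, name TEXT)');

// Constructed stand-in for $_POST.
$post = ['username' => '  Demo_User ', 'name' => "O'Brien <b>Jr</b>"];

$username = normalise_username($post['username']);
save_user($db, $username, $post['name']);

// The quote and the tags come back from the database exactly as entered;
// they are neutralised only when written into the HTML page.
$stored = find_name($db, $username);
echo html_out($stored ?? ''), "\n";
```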
