Jump to content

Secure code has stopped my submit query working...

seany123

By seany123
in PHP Coding Help

 Share

Recommended Posts

seany123 Advanced Member

seany123

Posted
Posted

I had a programmer who was doing a job for me look over one of my pages and added this security to my POST submit button:

 

		##### secure #####
		if(!empty($_POST['user_url']) & preg_match('/(order.*?by|union.*?select|select.*?from|update.*?set|"|\'|\/*)/', $_POST['user_url'])) exit;
		if(!empty($_POST['user_url']) & !preg_match('/https?:\/\/[\w\d:#@%\/;$()~\\_?+-=.&]*/', $_POST['user_url'])) exit;
		#################

 

However now it doesnt matter what i type into the text box it always Exits the script...

 

can anyone see whats happening here?

 

PS. the purpose the of the text box is to insert URLs into my database... so it would need to allow that format.

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

I didn't say to get rid of the two lines, now did I? Whoever wrote it used the wrong operators. & is a bitwise operator, && is a logical operator. You need the logical operator there.

 

if( empty( . . . ) && preg_match( . . . )
// not 
if( empty( . . . ) & preg_match( . . . )

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.