megetron
Posted April 15, 2012

Hi,

There is a page on my site that echoes the variable $msg, so when I go to http://mydomain.com/page.php?msg=<script>alert("HELLO")</script> the page will prompt the alert HELLO.... (echo $msg;)

What I wish to do is to create one file that will be included in all of my pages to prevent such behaviour, so I created a new file like this to prevent it:

    <?
    reset ($_GET);
    foreach ($_GET as $key => $value) // to stripslash all get variables
    {
        $value=strip_tags($value);
        $value=stripslashes(trim($value));
        $$key=$value;
        //echo "$key=>$value <br/>";
        //echo ("<script>alert('sad')</script>");
    }
    reset ($_POST);
    foreach ($_POST as $key => $value) // to stripslash all posted variables
    {
        $value=stripslashes(trim($value));
        $value=strip_tags(trim($value));
        $$key=$value;
        //echo "$key=>$value <br/>";
    }
    reset ($_GET);
    reset ($_POST);
    ?>

But for some reason it doesn't work. But when I don't include anything and change the page code to this:

    echo strip_tags($msg);

the alert will not be displayed....

Can you please help me build a secure page to include in my pages, so there will not be hacking in my GET/POST/COOKIES/SESSION objects? Even something that you are using, or some tested class/function that is ready to use, would be a great solution for me to strengthen security.

Thank you guys.

NLT
Posted April 15, 2012

Are you including or requiring the file? Try adding this to one of your pages which is affected; change "file.php" to the file where your security things are.

    include('file.php');

megetron
Posted April 15, 2012

> Are you including or requiring the file? Try adding this to one of your pages which is affected; change "file.php" to the file where your security things are.
>
>     include('file.php');

That's exactly how I am doing this. Also, I have tried to include this code inside the PHP page itself and it still won't work.

Please help.
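
Added example (not part of any post in this thread, and not the posters' code): encoding at the point of output with htmlspecialchars(), and reading each parameter by name instead of copying request data into variables with $$key. The helper names e() and param() and the sample requests are constructed for illustration; PHP 7 or later is assumed.

```php
<?php
// Added example, not code from the thread. e() and param() are hypothetical helper names.

// HTML-encode a value for element content or a quoted attribute value.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read one request parameter by name. Nothing is copied into the variable
// scope, so a request cannot overwrite variables the page already uses
// (which the $$key = $value loop allows).
function param(array $source, string $key, string $default = ''): string
{
    // ?msg[]=x arrives as an array; treat anything that is not a string as absent.
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return $default;
    }
    return trim($source[$key]);
}

// Constructed sample requests standing in for $_GET on page.php.
$requests = [
    ['msg' => '<script>alert("HELLO")</script>'],   // the value from the question
    ['msg' => 'Tom "T" O\'Neil <tom@example.com>'], // legitimate text with quotes and angle brackets
    ['msg' => ['nested']],                          // array instead of a string
];

foreach ($requests as $get) {
    $msg = param($get, 'msg');

    // Element content: markup characters become entities and are shown as text.
    echo '<p>' . e($msg) . "</p>\n";

    // Quoted attribute: ENT_QUOTES also encodes " and ', which strip_tags() leaves untouched.
    echo '<input type="text" name="msg" value="' . e($msg) . "\">\n";
}
```

The stored or received value is left unchanged; only the copy written into the HTML is encoded, so the same data can still be used safely in other contexts with the encoding that fits each one.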