Please help me strengthen security on my site.


megetron

Hi,

There is a page on my site that echoes the variable $msg.

So when I go to http://mydomain.com/page.php?msg=<script>alert("HELLO")</script>

the page will prompt the alert HELLO... (echo $msg;)

What I wish to do is to create one file that will be included in all of my pages to prevent such behaviour.

So I created a new file like this to prevent it:

<?
    reset ($_GET);

    foreach ($_GET as $key => $value) // to stripslash all GET variables
    {
        $value = strip_tags($value);
        $value = stripslashes(trim($value));
        $$key = $value;
        //echo "$key=>$value <br/>";
        //echo ("<script>alert('sad')</script>");
    }

    reset ($_POST);

    foreach ($_POST as $key => $value) // to stripslash all posted variables
    {
        $value = stripslashes(trim($value));
        $value = strip_tags(trim($value));
        $$key = $value;
        //echo "$key=>$value <br/>";
    }

    reset ($_GET);
    reset ($_POST);
?>

But for some reason it doesn't work.

But when I don't include anything and change the page code to this:

echo strip_tags($msg);

the alert will not be displayed...

Can you please help me build a secured page to include in my pages, so there will not be hacking in my GET/POST/COOKIES/SESSION objects?

Even if there is something that you are using, or some ready-to-use class/function that has been tested, it would be a great solution for me to strengthen security.

Thank you guys.


Are you including or requiring the file?

 

Try adding this to one of your pages which is affected; change "file.php" to the file where your security things are.

include('file.php');

That's exactly how I am doing this.

Also, I have tried to include this code inside the PHP page itself and it still won't work.

Please help.
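
An added example, not part of the thread and not written by any of its posters: a shared include that reads request values explicitly instead of copying every GET/POST key into a variable with `$$key`, and encodes at the point of output instead of stripping tags on input. The file name `safe_io.php` and the helpers `input_str()` and `e()` are hypothetical names chosen for this sketch, and it assumes PHP 7 or later for the type declarations.

```php
<?php
// safe_io.php - hypothetical shared include; file name and helper names are assumptions.

/**
 * Read one request parameter as a trimmed string.
 * Nothing is copied into the global scope, so a request key can never
 * overwrite a variable the page already uses (which `$$key = $value` allows).
 * Array-valued parameters (?msg[]=x) are rejected so callers always get a string.
 */
function input_str(array $source, string $key, string $default = ''): string
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return $default;
    }
    return trim($source[$key]);
}

/**
 * Encode a value for an HTML text node or a quoted attribute value.
 * ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces invalid
 * byte sequences instead of returning an empty string.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// --- What page.php would contain after: require __DIR__ . '/safe_io.php';

// Constructed sample standing in for $_GET, using the value from the question.
$sampleGet = ['msg' => '<script>alert("HELLO")</script>'];

// On a real page, pass $_GET (or $_POST, $_COOKIE) here instead of $sampleGet.
$msg = input_str($sampleGet, 'msg');

// The raw value is kept as-is for storage or logic; encoding happens only
// here, at output, so the browser shows the markup as text and runs nothing.
echo '<p>', e($msg), '</p>', "\n";
```

`htmlspecialchars()` is the right encoder for HTML text and quoted attribute values only; a value written into a script block or a URL needs the encoder for that context. `strip_tags()` removes tags but does not encode quote characters, so it is not a substitute for output encoding.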

