ralph4100 Posted November 7, 2006

Hello! I'm having a bit of trouble getting htmlentities to turn '<' and '>' etc. into their safe counterparts &lt; and so forth. Anyway I've written a function to call before processing the forms on my page:

[code]
function makeUserInputSafe()
{
    //fucking users...
    foreach($_REQUEST as $key=>$value) //ugh php5 would have let me pass the value as reference but noooooo...
    {
        echo '...making '.$key.'=>'.$value.' safe...'; //this was added for debugging purposes.
        $_REQUEST[$key]=no_html($_REQUEST[$key]);
        $_REQUEST[$key]=quote_smart($_REQUEST[$key]);
        echo 'safe. ( '.$key.'=>'.$value.' )';
    }
    return true;
}

function no_html($value)
{
    $value = htmlentities(trim($value));
    return $value;
}

function quote_smart($value)
{
    // Stripslashes
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Quote if not a number or a numeric string
    if (!is_numeric($value)) {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}
[/code]

ralph4100 Posted November 7, 2006

looks like i'm having a bit of trouble with this site too!

ralph4100 Posted November 7, 2006

ok so anyway if u can read the functions above, makeUserInputSafe() runs $_REQUEST through a foreach, calling no_html() and quote_smart() for each member of the $_REQUEST array. should be simple no?

except when I input <script> in the name field it doesn't get un-html-ed if u know what i mean...

when i run a sample call of the function like echo htmlentities('<evil><script>'); that manages to do the trick

why not now!!!!!!!!!?????????

alpine Posted November 7, 2006

Within your foreach loop you aren't using your key => value, you are only using key - look at this:

[code]
<?php
foreach($_REQUEST as $key=>$value)
{
    echo '...making '.$key.'=>'.$value.' safe...'; //this was added for debugging purposes.
    ${$key} = no_html($value); // ${$key} is now returned as no_html to use further in your code
    ${$key} = quote_smart(${$key}); // same with this
    echo 'safe. ( '.$key.'=>'.$value.' )';
}
// REQUEST['example'] is now safe only within the variable $example
?>
[/code]

ralph4100 Posted November 7, 2006

oh my god i am so fucking dumb

ralph4100 Posted November 7, 2006

THANK UUUUUUUUU

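Added example, not part of the thread or any poster's code: instead of rewriting every $_REQUEST value up front, it escapes per context, binding the raw value into SQL through a PDO prepared statement and HTML-encoding it only at output. Assumptions: an in-memory SQLite database stands in for the MySQL connection, and the guests table, the name field and the helpers h, save_name and load_names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL connection; the table "guests",
// the field "name" and all helper names are hypothetical.

// Constructed sample input, as it might arrive in $_POST['name'].
$input = ['name' => "  <script>alert('x')</script> O'Brien "];

// HTML context: encode when writing into the page, not when reading the form.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// SQL context: a bound parameter keeps the value out of the SQL text, so no
// manual quoting or mysql_real_escape_string() call is needed.
function save_name(PDO $db, string $name): void
{
    $stmt = $db->prepare('INSERT INTO guests (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

function load_names(PDO $db): array
{
    return $db->query('SELECT name FROM guests')->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guests (name TEXT NOT NULL)');

// Store the trimmed raw value; the database holds what the user typed.
save_name($db, trim($input['name']));

foreach (load_names($db) as $name) {
    // Encoded once, at the point of output.
    echo '<li>' . h($name) . "</li>\n";
}

// What the thread's pipeline would store instead: entity-encoded text wrapped
// in literal quotes, which is double-encoded if it is escaped again on output.
// addslashes() only mimics the quoting step here, since no MySQL link exists.
$stored = "'" . addslashes(htmlentities(trim($input['name']))) . "'";
echo h($stored) . "\n";
```

The last two lines show the failure mode of sanitising all input globally: the stored string already contains entities and quote characters, so any later output escaping turns `&lt;` into `&amp;lt;`.
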
Archived
This topic is now archived and is closed to further replies.