addslashes to array $_POST form


bbmak

I am trying to apply addslashes to an array $_POST form. The code works fine, and it updates the database. However, Google Chrome gives me an error. Not sure if anyone knows how to fix this.

I am writing a block of JavaScript into the database as text.

Chrome detected unusual code on this page and blocked it to protect your personal information (for example, passwords, phone numbers, and credit cards).

Code below:

echo '<form name="misc_settings" action="?action=misc_settings_submit" method="POST" enctype="multipart/form-data">';

foreach($miscsettings as $miscsetting){
	$misc_id = $miscsetting['id'];
	$misc_name = $miscsetting['name'];
	$misc_text = stripslashes($miscsetting['text']);

echo '<input type="hidden" name="misc_id[]" value="' . $misc_id . '">';
echo '<input type="hidden" name="misc_name[]" value="' . $misc_name . '">';
echo '<div class="field_name">' . $misc_name . ': <div class="field_value"><textarea name="misc_text[]">' . $misc_text . '</textarea></div></div>';

}

echo '<div class="submit_field"><input type="submit" value="Submit"> <input type="reset" value="Clear"></div>';
echo '</form>';

$misc_id = $_POST['misc_id'];
$misc_name = $_POST['misc_name'];
$misc_text = array_map('addslashes', $_POST['misc_text']);

	for($i=0;$i<count($misc_id);$i++)
	{
		if($misc_name[$i]!="" && $misc_text[$i]!="")
		{
			echo $misc_id[$i] . '<br />';
			echo $misc_name[$i] . '<br />';
			echo $misc_text[$i] . '<br /><br />';
		
			$miscClass->updateMiscSetting($misc_id[$i], $misc_text[$i]);
		
		}
	}

1. addslashes is likely not what you should be using. If you're concerned about SQL injection then there are better alternatives. If not that then... why are you adding slashes?

2. Chrome doesn't like that you submitted JavaScript code and then the page tried to execute it. Which is weird: the page should display the code, not execute it.

#2 is solved by using htmlspecialchars() on the script before putting it into the textarea. Note that textareas are not automatically plain text with whatever is inside - you still have to escape HTML markup just like you would anywhere else.

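The two points from the reply above, put together as an added example that is not part of the original thread: values are escaped with htmlspecialchars() when the form is built, and the submitted text is stored through a prepared statement, so neither addslashes() nor stripslashes() is needed. The table `misc_settings`, its columns, the helper names `h`, `render_misc_form` and `save_misc_settings`, and the in-memory SQLite database (standing in for the poster's `$miscClass`) are assumptions.

```php
<?php
// Added example. Table, columns, helper names and sample data are constructed.

/** Escape a value for HTML text or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the settings form; every database value is escaped on output. */
function render_misc_form(array $settings): string
{
    $html = '<form name="misc_settings" action="?action=misc_settings_submit" method="POST">';
    foreach ($settings as $s) {
        $html .= '<input type="hidden" name="misc_id[]" value="' . h((string) $s['id']) . '">'
               . '<div class="field_name">' . h($s['name']) . ': '
               . '<div class="field_value"><textarea name="misc_text[]">'
               . h($s['text']) . '</textarea></div></div>';
    }
    return $html . '<input type="submit" value="Submit"></form>';
}

/** Store the submitted texts through a prepared statement (no addslashes). */
function save_misc_settings(PDO $pdo, array $ids, array $texts): int
{
    $stmt = $pdo->prepare('UPDATE misc_settings SET text = :text WHERE id = :id');
    $updated = 0;
    foreach ($ids as $i => $id) {
        $text = $texts[$i] ?? '';
        if (!is_string($id) || !ctype_digit($id) || !is_string($text) || $text === '') {
            continue; // skip empty or malformed entries
        }
        $stmt->execute([':text' => $text, ':id' => (int) $id]);
        $updated += $stmt->rowCount();
    }
    return $updated;
}

// Constructed demo: in-memory SQLite stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE misc_settings (id INTEGER PRIMARY KEY, name TEXT, text TEXT)');
$pdo->exec("INSERT INTO misc_settings VALUES (1, 'tracking', '')");

// Constructed POST body: a script block with quotes and a closing textarea tag.
$post = ['misc_id' => ['1'], 'misc_text' => ["</textarea><script>console.log('hi')</script>"]];
save_misc_settings($pdo, $post['misc_id'], $post['misc_text']);
$rows = $pdo->query('SELECT id, name, text FROM misc_settings')->fetchAll(PDO::FETCH_ASSOC);
echo render_misc_form($rows), PHP_EOL; // the script is displayed as text, not executed
```

The text is stored byte for byte as submitted; escaping happens only at output time, so the browser shows the script inside the textarea instead of parsing it.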
