addslashes to array $_POST form


bbmak

I am trying to apply addslashes to a $_POST form array. The code works fine, and it updates the database. However, Google Chrome gives me an error. Not sure if anyone knows how to fix this.

I am writing a block of JavaScript into the database as text.

 

 

Chrome detected unusual code on this page and blocked it to protect your personal information (for example, passwords, phone numbers, and credit cards).

 

Code below:

echo '<form name="misc_settings" action="?action=misc_settings_submit" method="POST" enctype="multipart/form-data">';

foreach($miscsettings as $miscsetting){
	$misc_id = $miscsetting['id'];
	$misc_name = $miscsetting['name'];
	$misc_text = stripslashes($miscsetting['text']);

echo '<input type="hidden" name="misc_id[]" value="' . $misc_id . '">';
echo '<input type="hidden" name="misc_name[]" value="' . $misc_name . '">';
echo '<div class="field_name">' . $misc_name . ': <div class="field_value"><textarea name="misc_text[]">' . $misc_text . '</textarea></div></div>';

}

echo '<div class="submit_field"><input type="submit" value="Submit"> <input type="reset" value="Clear"></div>';
echo '</form>';

$misc_id = $_POST['misc_id'];
$misc_name = $_POST['misc_name'];
$misc_text = array_map('addslashes', $_POST['misc_text']);

	for($i=0;$i<count($misc_id);$i++)
	{
		if($misc_name[$i]!="" && $misc_text[$i]!="")
		{
			echo $misc_id[$i] . '<br />';
			echo $misc_name[$i] . '<br />';
			echo $misc_text[$i] . '<br /><br />';
		
			$miscClass->updateMiscSetting($misc_id[$i], $misc_text[$i]);
		
		}
	}

1. addslashes is likely not what you should be using. If you're concerned about SQL injection then there are better alternatives. If not that then... why are you adding slashes?

2. Chrome doesn't like that you submitted JavaScript code and then the page tried to execute it. Which is weird: the page should display the code, not execute it.

 

#2 is solved by using htmlspecialchars() on the script before putting it into the textarea. Note that textareas are not automatically plain text with whatever is inside - you still have to escape HTML markup just like you would anywhere else.

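The two points in the reply above, as an added example that is not part of the original thread: the text is stored through a PDO prepared statement instead of addslashes(), and every value passes through htmlspecialchars() before it goes into the form. The misc_settings table, the e() helper, the body of updateMiscSetting() and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: table and helper names are hypothetical; sample data is constructed.
// Assumes the pdo_sqlite extension so the example runs without a database server.

function e(string $s): string
{
    // Escape for HTML text and for quoted attribute values.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function updateMiscSetting(PDO $db, int $id, string $text): void
{
    // Bound parameters carry the text as data: no addslashes() on the way in,
    // so no stripslashes() is needed on the way out.
    $stmt = $db->prepare('UPDATE misc_settings SET text = :text WHERE id = :id');
    $stmt->execute([':text' => $text, ':id' => $id]);
}

function renderForm(array $miscsettings): string
{
    $html = '<form name="misc_settings" action="?action=misc_settings_submit" method="POST">';
    foreach ($miscsettings as $row) {
        $html .= '<input type="hidden" name="misc_id[]" value="' . e((string) $row['id']) . '">';
        $html .= '<div class="field_name">' . e($row['name']) . ': <div class="field_value">'
               . '<textarea name="misc_text[]">' . e($row['text']) . '</textarea></div></div>';
    }
    return $html . '<div class="submit_field"><input type="submit" value="Submit"></div></form>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE misc_settings (id INTEGER PRIMARY KEY, name TEXT, text TEXT)');
$db->exec("INSERT INTO misc_settings (id, name, text) VALUES (1, 'tracking_snippet', '')");

// Constructed submission: a script block with quotes and a stray </textarea>.
$_POST = [
    'misc_id'   => ['1'],
    'misc_text' => ["</textarea><script>var who = 'O\"Brien'; track(who);</script>"],
];

foreach ($_POST['misc_id'] as $i => $id) {
    $text = $_POST['misc_text'][$i] ?? '';
    if ($text !== '') {
        updateMiscSetting($db, (int) $id, $text);
    }
}

$rows = $db->query('SELECT id, name, text FROM misc_settings')->fetchAll(PDO::FETCH_ASSOC);
echo renderForm($rows), PHP_EOL;
```

The browser decodes the entities inside the textarea, so the editor still shows the original script text and submits it back unchanged, while the page itself never contains a live `<script>` tag built from stored input.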

Archived

This topic is now archived and is closed to further replies.