cluce Posted May 16, 2007 Share Posted May 16, 2007 I am trying to error proof my web site but when I input a tag in the text field the tag still disrupts my web page. Can someone give me any suggestions? It looks like I am using the strip slashes function correctly. Is their some other code I need to add to this? My trim function works fine but not the strip slashes. I even took out the trim function and still no go. ??? here is my code <?php //initialize the session if (!isset($_SESSION)) { session_start(); } //connects to database $mysqli = mysqli_connect("localhost", "root", "", "test"); //check to see if email exists in database/table $usercheck = strip_tags(trim($_POST['username'])); $check = mysqli_query($mysqli,"SELECT email FROM auth_users WHERE email = '$usercheck' LIMIT 1"); $check2= mysqli_num_rows($check); //if the email does not exist, it gives an error if ($check2 != 0) { echo ("email exists"); //create and issue the query //$sql = "SELECT username, password FROM auth_users WHERE email = '".$_POST["email"]."'; //$res = mysqli_query($mysqli, $sql); //$to = "[email protected]"; //$subject = "Website Inquiry Form"; //$body = "$sql"; //mail ($to, $subject, $body); //header("Location: http:reaganpower.com/thankyou.html"); }else{ $_SESSION['emailExists'] = "<font color='red'>The email"." ".$_POST['email']." "."does not exist in our database.<br>You may register for free by filling out the online registration form.</font>"; header ("Location: forgot_password.php"); } mysqli_close($mysqli); ?> Link to comment https://forums.phpfreaks.com/topic/51683-solved-strip-slashes-function-is-not-working/ Share on other sites More sharing options...
taith Posted May 16, 2007 Share Posted May 16, 2007 um... ??? your not stripslasses()ing in there... ??? Link to comment https://forums.phpfreaks.com/topic/51683-solved-strip-slashes-function-is-not-working/#findComment-254566 Share on other sites More sharing options...
cluce Posted May 16, 2007 Author Share Posted May 16, 2007 my mistake on the code. this is what I have... <?php //initialize the session if (!isset($_SESSION)) { session_start(); } //connects to database $mysqli = mysqli_connect("localhost", "root", "", "test"); //check to see if email exists in database/table $usercheck = stripslashes(trim($_POST['email'])); $check = mysqli_query($mysqli,"SELECT email FROM auth_users WHERE email = '$usercheck' LIMIT 1"); $check2= mysqli_num_rows($check); //if the email does not exist, it gives an error if ($check2 != 0) { echo ("email exists"); //create and issue the query //$sql = "SELECT username, password FROM auth_users WHERE email = '".$_POST["email"]."'; //$res = mysqli_query($mysqli, $sql); //$to = "[email protected]"; //$subject = "Website Inquiry Form"; //$body = "$sql"; //mail ($to, $subject, $body); //header("Location: http:reaganpower.com/thankyou.html"); }else{ $_SESSION['emailExists'] = "<font color='red'>The email"." ".$_POST['email']." "."does not exist in our database.<br>You may register for free by filling out the online registration form.</font>"; header ("Location: forgot_password.php"); } mysqli_close($mysqli); ?> Link to comment https://forums.phpfreaks.com/topic/51683-solved-strip-slashes-function-is-not-working/#findComment-254599 Share on other sites More sharing options...
taith Posted May 16, 2007 Share Posted May 16, 2007 and what are you getting from the $usercheck? Link to comment https://forums.phpfreaks.com/topic/51683-solved-strip-slashes-function-is-not-working/#findComment-254611 Share on other sites More sharing options...
cluce Posted May 16, 2007 Author Share Posted May 16, 2007 the first code was right. I am not going to use a strip slashes function only the trim and strip tags. Link to comment https://forums.phpfreaks.com/topic/51683-solved-strip-slashes-function-is-not-working/#findComment-254613 Share on other sites More sharing options...
cluce Posted May 16, 2007 Author Share Posted May 16, 2007 when I add this input this in the text field...<tr>d<tr/>........It screws up the whole design. It looks unprofessional. Again. I am using the strip tags function not the sstrip lashes. Link to comment https://forums.phpfreaks.com/topic/51683-solved-strip-slashes-function-is-not-working/#findComment-254635 Share on other sites More sharing options...
taith Posted May 16, 2007 Share Posted May 16, 2007 that would be because <tr>d<tr/> is not proper code... <tr><td>d</td><tr/> Link to comment https://forums.phpfreaks.com/topic/51683-solved-strip-slashes-function-is-not-working/#findComment-254639 Share on other sites More sharing options...
cluce Posted May 16, 2007 Author Share Posted May 16, 2007 your right. so I would error check that another way which I found. thanks Link to comment https://forums.phpfreaks.com/topic/51683-solved-strip-slashes-function-is-not-working/#findComment-254648 Share on other sites More sharing options...
cluce Posted May 16, 2007 Author Share Posted May 16, 2007 well I inserted proper HTML code this time and still screws up but I found another validation I am going to use. Thanks again Link to comment https://forums.phpfreaks.com/topic/51683-solved-strip-slashes-function-is-not-working/#findComment-254654 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.