Jump to content

[SOLVED] strip slashes function is not working


cluce

Recommended Posts

I am trying to error proof my web site but when I input a tag in the text field the tag still disrupts my web page. Can someone give me any suggestions?

It looks like I am using the strip slashes function correctly. Is their some other code I need to add to this? My trim function works fine but not the strip slashes. I even took out the trim function and still no go.  ???

 

here is my code

<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

//connects to database
$mysqli = mysqli_connect("localhost", "root", "", "test");

//check to see if email exists in database/table
$usercheck = strip_tags(trim($_POST['username']));
$check = mysqli_query($mysqli,"SELECT email FROM auth_users WHERE email = '$usercheck' LIMIT 1"); 
$check2= mysqli_num_rows($check);

//if the email does not exist, it gives an error
if ($check2 != 0) {
    echo ("email exists");

     //create and issue the query
     //$sql = "SELECT username, password FROM auth_users WHERE email = '".$_POST["email"]."';
     //$res = mysqli_query($mysqli, $sql);
    	
    //$to = "[email protected]";
//$subject = "Website Inquiry Form";
//$body = "$sql";
//mail ($to, $subject, $body);
//header("Location: http:reaganpower.com/thankyou.html");

}else{
    $_SESSION['emailExists'] = "<font color='red'>The email"." ".$_POST['email']." "."does not exist in our database.<br>You may register for free by filling out the online registration form.</font>";	
header ("Location: forgot_password.php");
}

mysqli_close($mysqli);
?>

my mistake on the code. :(

 

 

this is what I have...

 

<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

//connects to database
$mysqli = mysqli_connect("localhost", "root", "", "test");

//check to see if email exists in database/table
$usercheck = stripslashes(trim($_POST['email']));
$check = mysqli_query($mysqli,"SELECT email FROM auth_users WHERE email = '$usercheck' LIMIT 1"); 
$check2= mysqli_num_rows($check);

//if the email does not exist, it gives an error
if ($check2 != 0) {
    echo ("email exists");

     //create and issue the query
     //$sql = "SELECT username, password FROM auth_users WHERE email = '".$_POST["email"]."';
     //$res = mysqli_query($mysqli, $sql);
    	
    //$to = "[email protected]";
//$subject = "Website Inquiry Form";
//$body = "$sql";
//mail ($to, $subject, $body);
//header("Location: http:reaganpower.com/thankyou.html");

}else{
    $_SESSION['emailExists'] = "<font color='red'>The email"." ".$_POST['email']." "."does not exist in our database.<br>You may register for free by filling out the online registration form.</font>";	
header ("Location: forgot_password.php");
}

mysqli_close($mysqli);
?>

 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.