Addslashes and Strip_tags not working


1 reply to this topic

#1 lpxxfaintxx

lpxxfaintxx
  • Members
  • Advanced Member
  • 181 posts

Posted 31 March 2006 - 01:14 AM

<?php
require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";
opentable('Edit Images');

// Which field to save: 1 = status, 2 = image name, 3 = description
$saveid = $_GET['save'];

// Form input: tags stripped, then quotes backslash-escaped for the queries
$newname = addslashes(strip_tags($_POST['imagename']));
$newstatus = addslashes(strip_tags($_POST['status']));
$newdescription = addslashes(strip_tags($_POST['imagedescription']));

// The id is used unquoted in the queries below, so force it to an integer
$id = (int) $_POST['editid2'];
$owner = $userdata['user_name'];

switch ($saveid):
    case 1:
        $sql = "UPDATE registered_files SET status='$newstatus' WHERE id=$id AND owner = '$owner'";
        $result = mysql_query($sql);
        echo "<center>Thank you! Image status updated. <br /> Image id: $id
<br />Click <a href='memberseditimages.php'>here to go back.</a>
      </center>";
        break;
    case 2:
        $sql = "UPDATE registered_files SET imagename='$newname' WHERE id=$id AND owner = '$owner'";
        $result = mysql_query($sql);
        echo "<center>Thank you! Image name updated. <br /> Image id: $id
<br />Click <a href='memberseditimages.php'>here to go back.</a>
      </center>";
        break;
    case 3:
        $sql = "UPDATE registered_files SET description='$newdescription' WHERE id=$id AND owner = '$owner'";
        $result = mysql_query($sql);
        echo "<center>Thank you! Description updated. <br /> Image id: $id
<br />Click <a href='memberseditimages.php'>here to go back.</a>
      </center>";
        break;
    default:
        echo "Please edit the information you wish to save.";
endswitch;

require_once "side_right.php";
require_once "footer.php";
?>

Whenever I edit a row and insert HTML, the HTML works... Isn't it supposed to prevent that from happening?

Regards,
AIMMultimedia.com

#2 sford999

sford999
  • Members
  • Advanced Member
  • 119 posts

Posted 31 March 2006 - 10:07 AM

Try the htmlspecialchars function

http://us2.php.net/htmlspecialchars
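
An added example, not code from either poster: it applies the htmlspecialchars suggestion above at output time and uses bound parameters for the UPDATE from the first post. It assumes PHP 8 with the pdo_sqlite extension; the helper names h() and update_field(), the in-memory SQLite table and the sample values are constructed for illustration, while the table and column names come from the first post.

```php
<?php
declare(strict_types=1);

// Encode for HTML output: <, >, &, " and ' become entities, so markup is shown as text.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Update one column of a row that belongs to $owner; returns the number of rows changed.
function update_field(PDO $db, string $column, string $value, int $id, string $owner): int
{
    // Column names cannot be bound as parameters, so accept only the three the form edits.
    $allowed = ['status', 'imagename', 'description'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException("Unexpected column: $column");
    }
    $stmt = $db->prepare(
        "UPDATE registered_files SET $column = :value WHERE id = :id AND owner = :owner"
    );
    $stmt->execute([':value' => $value, ':id' => $id, ':owner' => $owner]);
    return $stmt->rowCount();
}

// Constructed stand-in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE registered_files (id INTEGER PRIMARY KEY, owner TEXT, imagename TEXT, status TEXT, description TEXT)');
$db->exec("INSERT INTO registered_files (id, owner, imagename, status, description) VALUES (1, 'alice', 'old', 'public', '')");

// Constructed form input; the id is cast to int before it reaches the query.
$post = ['editid2' => '1', 'imagename' => '<b>Tom</b> & "Jerry"'];
$id = (int) $post['editid2'];

$changed = update_field($db, 'imagename', $post['imagename'], $id, 'alice');
$denied = update_field($db, 'imagename', 'x', $id, 'bob'); // bob does not own row 1

$stmt = $db->prepare('SELECT imagename FROM registered_files WHERE id = :id');
$stmt->execute([':id' => $id]);
$stored = (string) $stmt->fetchColumn();

echo "rows changed by owner: $changed, by non-owner: $denied\n";
echo "stored raw:    $stored\n";
echo "HTML-encoded:  " . h($stored) . "\n";
echo "strip_tags:    " . strip_tags($stored) . "\n"; // removes tags, does not encode & or quotes
```

The value is stored unmodified and encoded only where it is written into a page, so the same row can be reused safely in other contexts.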



