Daney11 Posted February 15, 2008

Hey guys. I'm using forms to enter information into my website and I'm doing all the security measures needed. However, when I enter

    <script type="text/javascript">window.location = "http://www.google.com/"</script>

to, say,

    <input class="forminput" name="news_title" type="text" value="<?php if (isset($_POST['news_title'])) echo $_POST['news_title']; ?>" />

I get a broken field when the error comes up. Error I'm using is

    if (eregi('^[[:alpha:][:digit:][:blank:]-]{2,60}$', stripslashes(trim($_POST['news_title'])))) {
        $news_title = escape_data($_POST['news_title']);
    } else {
        $news_title = FALSE;
        $errors[] = 'Please Enter A News Title';
    }

The break of the form field looks like

    FORM[ <script type=\ ]window.location = \"http://www.google.com/\"" />

The [ ] represents the form area. So it's breaking it up. Any ideas on how to solve this?

marcus Posted February 15, 2008

What's the problem, HTML isn't working?

Daney11 Posted February 15, 2008

No, the enter of the JavaScript into a form breaks the form up, as you can see in the image. It won't go into my database, thankfully, but when a user enters JavaScript into my forms I just want the form to be whole and no break.

marcus Posted February 15, 2008

Make it a textarea, or use htmlentities to prevent them from closing the input box.

Daney11 Posted February 15, 2008

Is there not another way to prevent them closing the input box?

marcus Posted February 15, 2008

or use htmlentities to prevent them from closing the input box

And why would you want people to enter JavaScript as a news title? Isn't news for reading, not redirecting?

Daney11 Posted February 15, 2008

People would enter anything in input boxes to try and use SQL injection against your website. I'm trying to iron out ALL bugs so that they cannot SQL inject my website.

marcus Posted February 15, 2008

Should have said that.

    mysql_real_escape_string();
    strip_tags();
    htmlentities();

Daney11 Posted February 15, 2008

My form is now

    <input class="forminput" name="news_title" type="text" value="<?php if (isset($_POST['news_title'])) echo htmlentities($_POST['news_title']); ?>" />

and it works fine. Thanks.

marcus Posted February 15, 2008

No problem.

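Added example, not code from any poster in this thread: the fix the thread arrives at, written as a small script that assumes PHP 7.1 or later. The helper names `attr`, `valid_title` and `title_field` are hypothetical; `htmlspecialchars` with `ENT_QUOTES` stands in for `htmlentities` so single-quoted attributes are covered as well, and `preg_match` replaces `eregi`, which PHP 7 removed.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical.

// Encode a value for use inside a single- or double-quoted HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Same rule as the thread's eregi() pattern: 2-60 letters, digits,
// blanks or hyphens. preg_match() is used because eregi() no longer exists.
function valid_title(string $value): bool
{
    return preg_match('/^[[:alpha:][:digit:][:blank:]-]{2,60}$/', trim($value)) === 1;
}

// Render the title field, refilled with whatever the user submitted.
function title_field(?string $submitted): string
{
    return '<input class="forminput" name="news_title" type="text" value="'
        . attr($submitted ?? '') . '" />';
}

// Constructed sample input: the value typed into the form in the first post.
$submitted = '<script type="text/javascript">window.location = "http://www.google.com/"</script>';

$errors = [];
$news_title = valid_title($submitted) ? trim($submitted) : false;
if ($news_title === false) {
    $errors[] = 'Please Enter A News Title';
}

// Validation rejects the value, but the form still echoes it back, so it
// has to be encoded for the attribute context whatever the validation result.
echo title_field($submitted), "\n";
print_r($errors);
```

Output encoding here only protects the HTML page; values that pass validation and go to the database still need a parameterized query, which is a separate step from the one shown.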
This topic is now archived and is closed to further replies.