Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4004 Location: Walsall, West Mids, UK
_________________ Games to complete: GTA IV [100%] (For Multiplayer next!) Fallout 3 [50%] Rock Band [35%] http://www.cafepress.com/SmeepProducts
Fri Aug 12, 2005 4:55 pm
Satis
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm Posts: 16662 Location: On a slope
_________________ They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
Fri Aug 12, 2005 5:19 pm
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4004 Location: Walsall, West Mids, UK
Thanks for the input.
Well, over the past few hours I've gotten myself a log-in-able blog that shows the last three records!
Not majorly secure, I know, but it's good enough for tonight.
One question: when I enter a review, if I type in an apostrophe, it complains about a syntax error, like it's parsing the stuff I enter as PHP or something?
Any idea what sort of stuff you can do to stop that?
Sat Aug 13, 2005 6:40 pm
Satis
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm Posts: 16662 Location: On a slope
When you convert your $_POST to a regular variable, addslashes on it, i.e.
$text = addslashes($_POST['text']);
You're running into those hacks we're talking about.
Sun Aug 14, 2005 11:27 am
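An added example, written for this page and not code from the thread: the syntax error Mole describes, reproduced against an in-memory SQLite table through PDO, with the addslashes() approach from the reply above beside it and bound parameters as the actual fix. It assumes PHP with the pdo_sqlite extension; the table, column and form field names (reviews, game, body, text) are invented for the example, and the sample review text and search string are constructed.

```php
<?php
// Added example, not code from the thread: a minimal "reviews" table in an
// in-memory SQLite database via PDO. It reproduces the syntax error a review
// with an apostrophe causes, shows what addslashes() does and does not buy
// you, and shows bound parameters as the fix.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reviews (id INTEGER PRIMARY KEY, game TEXT, body TEXT)');

// Constructed sample form input (assumed field names 'game' and 'text').
$post = ['game' => 'GTA IV', 'text' => "It's brilliant, isn't it?"];

// 1. Concatenation: the apostrophe in "It's" closes the SQL string literal
//    early, so the rest of the review is parsed as SQL and the query fails.
function insert_concat(PDO $db, array $post): string
{
    $sql = "INSERT INTO reviews (game, body) VALUES ('{$post['game']}', '{$post['text']}')";
    try {
        $db->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// 2. addslashes(): puts a backslash before ' " \ and NUL. That matches MySQL's
//    quoting rules, which is why it hides the error there, but SQLite escapes
//    a quote by doubling it ('') and treats a backslash as an ordinary
//    character, so the same code still fails on SQLite. Escaping by hand ties
//    the application to one database's syntax; it is the wrong layer for the fix.
function insert_addslashes(PDO $db, array $post): string
{
    $game = addslashes($post['game']);
    $text = addslashes($post['text']);
    try {
        $db->exec("INSERT INTO reviews (game, body) VALUES ('$game', '$text')");
        return 'ok';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// 3. Bound parameters: the SQL text and the data travel separately, so no
//    character in the review can change the statement's structure. No
//    addslashes(), no magic_quotes, and it works on every PDO driver.
function insert_bound(PDO $db, array $post): string
{
    $stmt = $db->prepare('INSERT INTO reviews (game, body) VALUES (:game, :body)');
    $stmt->execute([':game' => $post['game'], ':body' => $post['text']]);
    return 'ok';
}

// The same bug on the read side: a search string that escapes the literal
// changes the WHERE clause instead of being compared against it.
function count_concat(PDO $db, string $game): int
{
    return count($db->query("SELECT id FROM reviews WHERE game = '$game'")->fetchAll());
}

function count_bound(PDO $db, string $game): int
{
    $stmt = $db->prepare('SELECT id FROM reviews WHERE game = ?');
    $stmt->execute([$game]);
    return count($stmt->fetchAll());
}

echo "concat:     ", insert_concat($db, $post), "\n";
echo "addslashes: ", insert_addslashes($db, $post), "\n";
echo "bound:      ", insert_bound($db, $post), "\n";

// The stored text is exactly what was typed, apostrophes and all.
echo "stored:     ", $db->query('SELECT body FROM reviews')->fetchColumn(), "\n";

// Constructed search value that is a SQL tautology rather than a game name.
$probe = "' OR '1'='1";
echo "concat search matched ", count_concat($db, $probe), " row(s)\n";
echo "bound search matched  ", count_bound($db, $probe), " row(s)\n";
```

Run with `php reviews.php`. The first two inserts report a syntax error from SQLite and only the bound insert succeeds, so the table holds one row; the concatenated search then matches that one row because the WHERE clause has become `game = '' OR '1'='1'`, while the bound search matches none because no game is literally called `' OR '1'='1`. On a MySQL host the addslashes() variant would appear to work, which is exactly why it gets recommended and exactly why it is fragile.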
Pig
Duke
Joined: Mon Mar 31, 2003 8:59 am Posts: 1358 Location: right behind you
If you have the ability to edit your php.ini, you should turn magic_quotes on.
Sun Aug 14, 2005 11:36 am
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4004 Location: Walsall, West Mids, UK
Hmm, I dunno if I do have permission to edit the server php.ini, but I can get them to do it for me.
Satis: Can I add more than one thing to the POST part? Because I already have htmlentities there. (hehe, tities)
Sun Aug 14, 2005 2:00 pm
Satis
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm Posts: 16662 Location: On a slope
If you're asking if you can run more than one function on the $_POST, yes, you can run as many as you want.
i.e.:
$text = addslashes(htmlentities($_POST['text']));
You can wrap as many together as you want. I think my record is 4 or 5. Pig probably has twice as many.
Mon Aug 15, 2005 7:54 am
Pig
Duke
Joined: Mon Mar 31, 2003 8:59 am Posts: 1358 Location: right behind you
The only time I ever wrapped more than 4 or 5 function calls like that was because I didn't know what I was doing. I think I was using str_replace, and didn't realize you could use an array as the search parameter.
If you can get magic_quotes turned on, you should. Just realize that using addslashes is redundant, and you should not do both. Just one or the other.
I often use a script I wrote called purge_text() that I feed all user input through. It checks if magic_quotes is on, and adds them manually if it is not. It also does strip_tags, htmlspecialchars, trim, and maybe another function or two.
Mon Aug 15, 2005 8:48 am
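An added example, not code from the thread, for the two posts above (nesting addslashes() around htmlentities(), and the purge_text() filter): it runs a filter written in the style Pig describes over a constructed review, once with magic_quotes "on" and once with addslashes() applied on top as well, and prints what would reach the database, what the table would hold, and what a page that escapes its output would show. magic_quotes_gpc was removed in PHP 5.4, so it is simulated; the purge_text(), render() and undo_magic_quotes() functions here are this example's own, not Pig's script.

```php
<?php
// Added example, not code from the thread: what a purge_text()-style input
// filter does to a review when magic_quotes is also in play, and the
// alternative of storing the raw text and escaping only at output time.

// Constructed review text, exactly as typed into the form.
$typed = "  Mole's review: <b>GTA IV</b> is 100% done & brilliant  ";

// Stand-in for magic_quotes_gpc=On: PHP ran addslashes() over every form
// value before the script saw it. The setting is gone in PHP 5.4+, so it is
// simulated here rather than read from php.ini.
function simulate_magic_quotes(string $value): string
{
    return addslashes($value);
}

// An input filter in the purge_text() style: escape for HTML and SQL on the
// way in. $magic_quotes_on mirrors the "is magic_quotes on?" check.
function purge_text(string $value, bool $magic_quotes_on): string
{
    $value = trim(strip_tags($value));
    $value = htmlspecialchars($value, ENT_QUOTES);
    if (!$magic_quotes_on) {
        $value = addslashes($value);   // skipped when magic_quotes already did it
    }
    return $value;
}

// The output side. Every template has to escape anyway, because it cannot
// know whether a stored string was already made HTML-safe by someone else.
function render(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Case A: magic_quotes on and the filter knows it (Pig's "one or the other").
$a = purge_text(simulate_magic_quotes($typed), true);
// Case B: magic_quotes on but addslashes() applied again (the redundant case).
$b = purge_text(simulate_magic_quotes($typed), false);

foreach (['A (escaped once)' => $a, 'B (escaped twice)' => $b] as $label => $stored) {
    echo $label, "\n";
    echo "  sent to SQL:  ", $stored, "\n";
    // A MySQL string literal strips one level of backslashes when storing;
    // stripslashes() models that here.
    echo "  in the table: ", stripslashes($stored), "\n";
    echo "  on the page:  ", render(stripslashes($stored)), "\n";
}

// The alternative: undo magic_quotes once at the top of the script on hosts
// that still have it, keep the text as the author wrote it, hand it to the
// database as a bound parameter, and escape only when rendering.
function undo_magic_quotes(string $value): string
{
    // get_magic_quotes_gpc() no longer exists in PHP 8; guard it for old hosts.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

$raw = trim(undo_magic_quotes($typed));   // goes into a bound parameter unchanged
echo "raw, stored as typed: ", $raw, "\n";
echo "rendered once:        ", render($raw), "\n";
```

In case A the apostrophe and ampersand are already entities when they reach the table, so the page that escapes its output shows the reader a literal `&#039;` and `&amp;` (double encoding). In case B the extra addslashes() doubles the backslash magic_quotes added, and a stray backslash survives into the page; that is the "redundant" combination Pig warns about. The raw path has neither problem, and because the SQL escaping is done by the driver for a bound parameter, there is nothing for the filter to get wrong in the first place.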
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4004 Location: Walsall, West Mids, UK
thanks guys
Mon Aug 15, 2005 11:27 am