htmlentities etc not doing anything
Posted: Thu Aug 26, 2010 11:50 pm
Hi

Got a very weird issue here; I have the code below running, all works OK except one minor detail; none of the functions intended to strip potentially malicious characters/strings work, i.e. stripslashes, htmlentities, strip_tags.
However, intermittently I have been able to get them to work by, for example, using:
Code: Select all
$var = htmlentities($var);
I am at a dead loss as to why this doesn't work, have tried everything. Hopefully there is something really obvious I've overlooked?
Many thanks.
The page:
Code: Select all
<?php
$foodgroup = "";
require_once '../lib/sanitize.php';
if (isset($_POST['food_group'])) $foodgroup = sanitizeMySQL($_POST['food_group']);
echo <<<_END
<html>
<head>
<title>Nutrition</title>
</head>
<body>
_END;
if ($foodgroup != "") echo $foodgroup . " added successfully.";
echo <<<_END
<form method="post" action="foodgroup.php">
New food group:
<input type="text" name="food_group" />
<input type="submit" />
</form>
</body>
</html>
_END;
?>
The include file:
Code: Select all
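<?php
function sanitizeString($var)
{
    $var = stripslashes($var);   // remove backslashes
    $var = htmlentities($var);   // convert special characters to HTML entities
    $var = strip_tags($var);     // remove HTML/PHP tags
    return $var;
}

function sanitizeMySQL($var)
{
    // Escape for a MySQL query (uses the current mysql connection)
    $var = mysql_real_escape_string($var);
    $var = sanitizeString($var);
    return $var;
}
?>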
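
What each call in the posted `sanitizeMySQL()` chain does to one constructed input, followed by a variant that binds the raw value to the query and encodes only at output. This is an added example, not part of the original post; `addslashes()` stands in for `mysql_real_escape_string()`, and the in-memory SQLite table `food_groups` is hypothetical.

```php
<?php
// Added example (not the poster's code). Constructed input with a quote and a tag.
$input = "O'Brien <b>dairy</b>";

// 1. The order used by sanitizeMySQL(): escape for SQL, then run sanitizeString().
//    addslashes() stands in for mysql_real_escape_string() (assumption: no live
//    MySQL connection here); both put a backslash in front of the quote.
$escaped  = addslashes($input);
$stripped = stripslashes($escaped);          // removes that backslash again
$encoded  = htmlentities($stripped, ENT_QUOTES, 'UTF-8');
$final    = strip_tags($encoded);            // no "<" is left for it to find

echo "after escape:       $escaped\n";
echo "after stripslashes: $stripped\n";
echo "after htmlentities: $encoded\n";
echo "strip_tags changed anything: ", var_export($final !== $encoded, true), "\n";

// 2. One encoding per context: bind the raw value, encode only when printing.
$pdo = new PDO('sqlite::memory:');           // assumption: pdo_sqlite is available
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE food_groups (name TEXT NOT NULL)');   // hypothetical table

$stmt = $pdo->prepare('INSERT INTO food_groups (name) VALUES (:name)');
$stmt->execute([':name' => $input]);         // the driver handles quoting

$stored = $pdo->query('SELECT name FROM food_groups')->fetchColumn();
echo "stored verbatim: ", var_export($stored === $input, true), "\n";

// HTML context: encode at output. A browser renders the entities as the original
// characters, so the effect shows in "view source", not in the rendered page.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), " added successfully.\n";
```

Run it from the command line (`php example.php`) so the entities are printed literally instead of being rendered by a browser.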