Needing help with a fun little project
- Brennydoogles
- Forum Newbie
- Posts: 3
- Joined: Tue Jun 17, 2008 9:43 pm
- Location: Tennessee, USA
Needing help with a fun little project
I'm sure you all remember playing with Mad Libs when you were a kid, where you are asked for words that fit a particular part of speech, and they are inserted into a pre-made story with crazy results. I am trying to create a page similar to this for my website, where there would be several stories that you could potentially create each time you visit the page. The problem I am having is that I want my page to be secure (I want to validate input), but I also need to allow the use of the ' character in certain fields (in one story I allow for the input of song lyrics as part of the story, and many songs use contracted words). The problem I am having is that right now a ' character in user input is being escaped (so Stacy's Mom becomes Stacy/'s Mom). Any ideas or suggestions?
Re: Needing help with a fun little project
Use stripslashes() when you retrieve words to appear as output.
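An added example, not code from the thread, showing where the backslash the poster sees comes from and the two places it has to be dealt with: undo the escaping once at input time, only if PHP actually added it, and then encode the value for the page at output time. It assumes a 2008-era PHP where magic_quotes_gpc may be on; the field name lyrics is made up for the example.

```php
<?php
// Added example (not from the thread). Assumes PHP with magic_quotes_gpc possibly
// enabled, which is what turns Stacy's Mom into Stacy\'s Mom before the script sees it.
// The field name 'lyrics' is hypothetical.

// Read one form field and remove the magic-quotes backslashes, but only when PHP
// really added them. Calling stripslashes() unconditionally would also eat any
// backslash the user typed on purpose, and on PHP >= 5.4 there is nothing to strip.
function read_field($name) {
    if (!isset($_POST[$name])) {
        return '';
    }
    $value = $_POST[$name];
    // get_magic_quotes_gpc() exists only on PHP < 8 and reports whether the
    // interpreter escaped quotes in $_GET/$_POST/$_COOKIE for this request.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

// Encode for the HTML context at the moment the word is put on the page.
// The apostrophe stays in the data; it is only encoded so the browser cannot
// read it as part of an attribute or a script.
function html($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

$lyric = read_field('lyrics');   // e.g. "Stacy's Mom" after the slashes are gone
echo '<p>The song goes: ' . html($lyric) . '</p>';
```

With ENT_QUOTES, htmlspecialchars() encodes the apostrophe as an HTML entity, so the reader still sees Stacy's Mom while the raw character never reaches the markup. The same value would be passed to a prepared statement, not escaped by hand, if it were stored in a database; the important point is that escaping belongs to the output context, not to the stored data.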
- Brennydoogles
- Forum Newbie
- Posts: 3
- Joined: Tue Jun 17, 2008 9:43 pm
- Location: Tennessee, USA
Re: Needing help with a fun little project
califdon wrote:Use stripslashes() when you retrieve words to appear as output.
Wow... that was far easier than I expected. As for validating the user input, if I wanted to write a function to validate the user's input (to strip out only dangerous code injection and whatnot), what would something like this look like?
Re: Needing help with a fun little project
Brennydoogles wrote: Wow... that was far easier than I expected. As for validating the user input, if I wanted to write a function to validate the user's input (to strip out only dangerous code injection and whatnot), what would something like this look like?
There are a lot of different dangers to be considered and a lot of different approaches to input validation (also referred to as sanitization). Try using a search engine to find techniques that you can adapt. Here's just one article:
http://www.zymic.com/tutorials/php/sani ... on-in-php/
- Brennydoogles
- Forum Newbie
- Posts: 3
- Joined: Tue Jun 17, 2008 9:43 pm
- Location: Tennessee, USA
Re: Needing help with a fun little project
So using this example from that tut:
if(!preg_match('/^[-_ 0-9a-z]+$/i',$_POST['name']))
    die('Invalid name provided, the name may only contain a-z, A-Z, 0-9, "-", "_" and spaces.');
will kick many threats. The question is: will it also kick any input that contains the ' character, or will it simply be escaped as before? If it will simply be escaped, then I could potentially create a function to sanitize user input and then strip the slashes, and call that every time, yeah??
Re: Needing help with a fun little project
Brennydoogles wrote: So using this example from that tut:
if(!preg_match('/^[-_ 0-9a-z]+$/i',$_POST['name'])) die('Invalid name provided, the name may only contain a-z, A-Z, 0-9, "-", "_" and spaces.');
will kick many threats. The question is: will it also kick any input that contains the ' character, or will it simply be escaped as before? If it will simply be escaped, then I could potentially create a function to sanitize user input and then strip the slashes, and call that every time, yeah??
At least that's a start. This subject is pretty complex and I'm not a security expert. If you want to be safe, you should read several more tutorials/articles.
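To answer the question the thread leaves open: a whitelist pattern like the one quoted does reject any input containing ', it does not escape it, so the practical fix is one pattern per field, with the lyrics field's pattern explicitly admitting the apostrophe. The following is an added example, not code from the thread or the linked tutorial; the field names name, adjective and lyrics and the sample input are made up for it.

```php
<?php
// Added example (not from the thread or the tutorial). Field names are hypothetical.

// One allowlist per story field. Notes on the patterns:
//  - ^ and $ anchor the whole value; without the + quantifier a character class
//    matches exactly one character, so a real name would always be rejected.
//  - The D modifier makes $ match only at the very end, so a trailing newline
//    cannot slip past the anchor.
//  - The lyrics pattern deliberately includes the apostrophe, so "Stacy's Mom"
//    is accepted as data instead of being rejected or escaped.
$rules = array(
    'name'      => '/^[-_ 0-9a-z]+$/iD',
    'adjective' => '/^[a-z]+$/iD',
    'lyrics'    => "/^[-_ 0-9a-z'.,!?]+$/iD",
);

// Validate a plain array (so the function can be exercised without a live request)
// and return one message per failing field; an empty array means all fields passed.
function validate_fields(array $input, array $rules, $max_len = 200) {
    $errors = array();
    foreach ($rules as $field => $pattern) {
        if (!isset($input[$field]) || $input[$field] === '') {
            $errors[$field] = "$field is required.";
            continue;
        }
        $value = $input[$field];
        if (strlen($value) > $max_len) {
            $errors[$field] = "$field is too long.";
        } elseif (!preg_match($pattern, $value)) {
            $errors[$field] = "$field contains characters that are not allowed.";
        }
    }
    return $errors;
}

// Constructed sample input standing in for $_POST (after stripslashes(), if magic
// quotes is on). The apostrophe in the lyrics is the case the poster cares about.
$good = array(
    'name'      => 'Brenny',
    'adjective' => 'purple',
    'lyrics'    => "Stacy's Mom has got it goin' on",
);
// Constructed input that must fail: markup in the name field, a number as the adjective.
$bad = array(
    'name'      => 'Brenny<b>',
    'adjective' => '42',
    'lyrics'    => "Stacy's Mom",
);

foreach (array('good' => $good, 'bad' => $bad) as $label => $input) {
    $errors = validate_fields($input, $rules);
    echo "$label: ", ($errors ? count($errors) . ' field(s) rejected' : 'accepted'), "\n";
    foreach ($errors as $msg) {
        // Error text may echo field names, so encode it like any other output.
        echo '  ', htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'), "\n";
    }
}

// A value that passed validation still gets encoded for the HTML context when the
// story is rendered; validation limits what is stored, encoding protects the page.
echo '<p>', htmlspecialchars($good['lyrics'], ENT_QUOTES, 'UTF-8'), '</p>', "\n";
```

The design point is that "sanitize then strip slashes" is the wrong order of operations: remove the magic-quotes backslashes once on input, validate each field against the character set that field legitimately needs, reject (rather than silently rewrite) anything outside it, and encode at output. The apostrophe is then never a special case, because it is just another allowed character in the lyrics field and is encoded like everything else when the page is built.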