Needing help with a fun little project

Brennydoogles
Forum Newbie
Posts: 3
Joined: Tue Jun 17, 2008 9:43 pm
Location: Tennessee, USA

Needing help with a fun little project

Post by Brennydoogles »

I'm sure you all remember playing with Mad Libs when you were a kid, where you are asked for words that fit a particular part of speech, and they are inserted into a pre-made story with crazy results. I am trying to create a page similar to this for my website, where there would be several stories that you could potentially create each time you visit the page. The problem I am having is that I want my page to be secure (I want to validate input), but I also need to allow the use of the ' character in certain fields (in one story I allow for the input of song lyrics as part of the story, and many songs use contracted words). The problem I am having is that right now a ' character in user input is being escaped (so Stacy's Mom becomes Stacy\'s Mom). Any ideas or suggestions?
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Needing help with a fun little project

Post by califdon »

Use stripslashes() when you retrieve words to appear as output.
Brennydoogles
Forum Newbie
Posts: 3
Joined: Tue Jun 17, 2008 9:43 pm
Location: Tennessee, USA

Re: Needing help with a fun little project

Post by Brennydoogles »

califdon wrote: Use stripslashes() when you retrieve words to appear as output.

Wow... that was far easier than I expected. As for validating the user input, if I wanted to write a function to validate the user's input (to strip out only dangerous code injection and whatnot), what would something like this look like?
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Needing help with a fun little project

Post by califdon »

Brennydoogles wrote: Wow... that was far easier than I expected. As for validating the user input, if I wanted to write a function to validate the user's input (to strip out only dangerous code injection and whatnot), what would something like this look like?
There are a lot of different dangers to be considered and a lot of different approaches to input validation (also referred to as sanitization). Try using a search engine to find techniques that you can adapt. Here's just one article:
http://www.zymic.com/tutorials/php/sani ... on-in-php/
Brennydoogles
Forum Newbie
Posts: 3
Joined: Tue Jun 17, 2008 9:43 pm
Location: Tennessee, USA

Re: Needing help with a fun little project

Post by Brennydoogles »

So using this example from that tut:

Code:

if (!preg_match('/^[-_ 0-9a-z]+$/i', $_POST['name']))
    die('Invalid name provided, the name may only contain a-z, A-Z, 0-9, "-", "_" and spaces.');

will kick many threats. The question is, will it also kick any input that contains the ' character, or will it simply be escaped as before? If it will simply be escaped, then I could potentially create a function to sanitize user input, and then strip the slashes, and call that every time, yeah??
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Needing help with a fun little project

Post by califdon »

Brennydoogles wrote: So using this example from that tut:

Code:

if (!preg_match('/^[-_ 0-9a-z]+$/i', $_POST['name']))
    die('Invalid name provided, the name may only contain a-z, A-Z, 0-9, "-", "_" and spaces.');

will kick many threats. The question is, will it also kick any input that contains the ' character, or will it simply be escaped as before? If it will simply be escaped, then I could potentially create a function to sanitize user input, and then strip the slashes, and call that every time, yeah??
At least that's a start. This subject is pretty complex and I'm not a security expert. If you want to be safe, you should read several more tutorials/articles.
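To the question asked above: the tutorial's pattern rejects any input containing ' outright, because the apostrophe is not in its character class, so a lyric field needs its own allowlist, while stripslashes() is only there to undo magic_quotes escaping and htmlspecialchars() handles the apostrophe safely when the word is printed. The PHP below is an added example, not code from the thread or the linked tutorial; the field names and the {placeholder} template syntax are assumptions.

```php
<?php
// Added example, not code from the thread: per-field allowlist validation,
// stripslashes() to undo magic_quotes escaping so "Stacy's Mom" is kept as
// typed, and htmlspecialchars() at output so the apostrophe renders safely.
// Field names and the {placeholder} template syntax are assumptions here.
// A pattern with no quantifier, such as /^[-_ 0-9a-z]$/i, matches exactly
// one character; a {min,max} bound (or "+") is needed for real input.
const FIELD_RULES = [
    'name'  => '/^[-_ 0-9a-z]{1,40}$/i',        // the tutorial's character set
    'lyric' => "/^[-_ 0-9a-z'.,!?]{1,120}$/i",  // apostrophes allowed here
];
// Returns the validated raw value, or null when the field is rejected.
function validateField($field, $value)
{
    if (!isset(FIELD_RULES[$field]) || !is_string($value)) {
        return null;
    }
    // magic_quotes_gpc (PHP < 5.4) adds backslashes before quotes in $_POST;
    // strip them once here, before the value is checked or stored.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return preg_match(FIELD_RULES[$field], $value) ? $value : null;
}

// Encode at output: ' becomes &#039; and any angle bracket that a looser
// rule let through is shown as text instead of being parsed as HTML.
function renderStory($template, array $words)
{
    $safe = [];
    foreach ($words as $field => $word) {
        $safe['{' . $field . '}'] = htmlspecialchars($word, ENT_QUOTES, 'UTF-8');
    }
    return strtr($template, $safe);
}

$submissions = [ // constructed sample submissions standing in for $_POST
    ['name' => 'Brenny',        'lyric' => "Stacy's Mom"],  // accepted
    ['name' => '<b>Brenny</b>', 'lyric' => "Stacy's Mom"],  // name rejected
];
foreach ($submissions as $post) {
    $words = [];
    foreach ($post as $field => $value) {
        $words[$field] = validateField($field, $value);
    }
    $rejected = array_keys($words, null, true);
    echo $rejected
        ? 'Rejected field(s): ' . implode(', ', $rejected) . "\n"
        : renderStory('{name} sang "{lyric}" at the party.', $words) . "\n";
}
```

The first submission prints the story with the apostrophe intact in the browser; the second is refused at the name field before anything is stored or rendered.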