|
PHP - Best Way To Clean A Lot Of Inputs?
Hey guys
I have a lot of inputs from my form. Is there a way I can do like a for each or something instead of of having to write $myusername = stripslashes($_POST['name'); $mypassword = stripslashes($_POST['pass']); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); .... for all 16 fields? thanks Similar TutorialsHow is it possible, in PHP, to display an error message next to a form input text field if a user is attempting to submit a form with empty fields? Moreover, how is it possible to remove the same error message when the user fills in the input field with the required data and/or refreshes the page? I have 2 files that I am working with: application.php and process.php.
application.php mainly has the HTML of the form. I am very new to learning PHP (I started learning it last week) and I have been searching for hours for a clear answer. I have already tried different methods for generating the error message including: using empty(), !isset, $_POST["name"] = "", etc, and have tried using session_start();, $row, echo, print, and other variables to try and display error message on the page, and I have tried using unset();, and = null, to try and remove the error message once the input field has been filled but all to no avail. Either the method I try only half works, or nothing works, and I cannot pinpoint which is the part that is not working. I only have 2 files to work with, and as an example of what I want to do is:
1. If the first name field is empty when the user clicks submit, an error message should appear next to the input. Is this possible with PHP? Hello friends if i've this $text = "i love adult sites" then i wanna clean it by elminate words like adult - bad - kill - die so it be $clean = "i love sites" as you can see it eliminated the word adult how it could be which code can i use ? thanks in advance Hi, Here is a tiny bit of my code $r = mysql_query ($query); while ($row = mysql_fetch_array ($r, MYSQL_ASSOC)) { echo "<tr> <td align=\"center\">"; echo date("M-d-Y", mktime(0, 0, 0, $row['month'], $row['day'], $row['year'])); echo "</td> "; if ($row['presenter1status'] == '0') { echo "<td align=\"center\"><font color=\"#FF9900\">{$row['presenter1']}</font></td>"; } elseif ($row['presenter1status'] == '1') { echo "<td align=\"center\"><font color=\"green\">{$row['presenter1']}</font></td>"; } elseif ($row['presenter1status'] == '2') { echo "<td align=\"center\"><font color=\"red\">{$row['presenter1']}</font></td>"; } if ($row['presenter2status'] == '0') { echo "<td align=\"center\"><font color=\"#FF9900\">{$row['presenter2']}</font></td>"; } elseif ($row['presenter2status'] == '1') { echo "<td align=\"center\"><font color=\"green\">{$row['presenter2']}</font></td>"; } elseif ($row['presenter2status'] == '2') { echo "<td align=\"center\"><font color=\"red\">{$row['presenter2']}</font></td>"; } if ($row['engineerstatus'] == '0') { echo "<td align=\"center\"><font color=\"#FF9900\">{$row['engineer']}</font></td>"; } elseif ($row['engineerstatus'] == '1') { echo "<td align=\"center\"><font color=\"green\">{$row['engineer']}</font></td>"; } elseif ($row['engineerstatus'] == '2') { echo "<td align=\"center\"><font color=\"red\">{$row['engineer']}</font></td>"; } echo "</tr> I was wondering if there is a better way of doing this as I think including this many ifesle statements in a while loop that could go round about 40 times might be very heavy on the resources. Thanks My code here Code: [Select] setcookie('hide_div', $_COOKIE['hide_div'].','.$_GET['hide'],time()+32000000); When I set it, it works wonderful, but then when I see view it in my cookie it shows this code between my $_GET['hide'] values Code: [Select] %2C how do I clean it up and just make it show my " , "? Thank you What is the cleanest way to write this if? Code: [Select] <div <?php if (!empty($otherfans)) {echo "class=\"newstext\"";} else {echo "class=\"newstext pts\""; } ?>> Hi, I am creating a website but am having trouble with the following: I have an include file(db.inc) which contains the following: function clean($input, $maxlength) { $input = substr($input, 0, $maxlength); $input = EscapeShellCmd($input); return ($input); } The file I am having the problem with is my view.php file. I get the following error: Notice: Undefined variable: file in C:\wamp\www\fermpix\view.php on line 4 Line 4 contains the following: $file = clean($file, 4); My view.php does have the line: include 'db.inc'; Does anybody have any idea what the issue might be? Cheers Paul Hi Im trying to write a script to clean up my image directory which has quite a lot of unused images that have built up over time. In order to do this I am doing the following. First Create a database table called 'image_clean' Then I'm searching through 3 tables and collecting all the image file names and dumping the names in the table 'image_clean' Can do that no problem. So now I have all the images I need in this one table 'image_clean' I now want to go through my directory 'image_uploads' and delete anything thats not in the 'image_clean' table. I know how to delete the files using unlink Im just unsure how to search through the directory file by file and check the file against the database. Im asumming I need to put them in an array. Could anyone give be a clue or two to get me started. I have no problem checking a database against a directory but when its the other way round 'checking a directory against a database I'm lost. What I might do is pop the files to delete in a new database called 'image_delete' so that I can then check the images to delete before I write the unlink script. But I'm just not sure how to pick up each file and compare it to the table. Thanks in advance. Hey all, I would like to some how clean up an if statement to be a little cleaner. Code: [Select] if(condition && condition && (condition && condition) || (condition && condition) || (condition && condition)) How can I do that? I've been messing around with clean urls in php and I've been having some trouble. I'm working on a private messaging system and when I go to "sitename.com/mail/view.php?page=inbox" it correctly displays the users inbox messages but when I put "sitename.com/mail/view/inbox/" it just displays the page like the GET value isn't set. Why is that? this is the HTACCESS file for clean url
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^view/([a-z]) view.php?page=$1 [NC,L]
if any body copy and paste anything from word to editor some unwanted css also coming with that pasting. when we request the data same css also coming with that. so how to clean data when we request $desc =$_request['contents']; how to solve this issue. please help me. I'm new to OOP and trying to write tiny classes to get practice. The next class I want to create will be used to clean HTTP data from when a form gets submitted. I'm embarrassed to say, but I'm scratching my head trying to figure out what types of things I should do as far as "sterilizing" POST and GET data?! Can someone get me started here? Thanks, TomTees I created a new homepage for my network of sites I run. I tried to go for a simple and clean look. The pages themselves function how I'd like, but I'm unsure if the menu system is easy to understand or not.
I even added a time limited message on the front page of the site indicating that the logo was clickable, but purposely left it off of other sub-pages to try and keep the design as clean as possible.
Check it out, let me know what you think.
http://ctenetwork.com
I currently use the following function to clean form inputs to prevent MySql injection, Does this function do enough to prevent MySql injection? is there anything i have missed? <?php //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } ?> i have my form with 5 fields that are not required to be filled out. Code: [Select] <input class="inputbg" type="text" name="MAC[]" /> <input class="inputbg" type="text" name="MAC[]" /> <input class="inputbg" type="text" name="MAC[]" /> <input class="inputbg" type="text" name="MAC[]" /> <input class="inputbg" type="text" name="MAC[]" /> On my process page I want to remove all of the empty index's that did not have data entered. I am new to sending array data via POST do I need to do anything else other then what is below? Code: [Select] foreach($MAC as $key => $value) { if($value == "") { unset($MAC[$key]); } } $mac_addresses = array_values($MAC); if(empty($mac_addresses)){ $error = "You did not enter any MAC adresses."; $valid = "false"; } I am currently using my own error handler so i can log all mysql errors into a mysql table: mysql_query('select data from table')or trigger_error(mysql_error(),256); If there's an error i need to know the line number where the mysql_query function was called. Is it possible to instead use this code: mysql_query('select data from table'); but somehow transparently log a mysql error and the line number if there is an error in the query? thanks I've been using clean URLs and it's been giving my PHP sessions for my user system some trouble. I display the logged in users username on every page via a header.php file that I require on every page. Sometimes when I click a link to navigate to a page with a clean URL, the session information "disappears" and asks the user to login but if I navigate to another page from the clean url that the session "disappeared" on, the logged in users username is displayed at the top of the page like normal. Any idea certain pages cause the session to "disappear"
Header.php where the user info is displayed. $_SESSION['username'] is set on the login page
<?
session_start();
if (isset($_SESSION['username'])) {
echo "Welcome back, " . $_SESSION['username'];
}
?>
Edited June 13, 2020 by Nematode128 Hello everybody,
I am honestly quite a newb when it comes to mod_rewrite.
We run a small social media page with different areas and I would like to change the URLs to something more clean and professional.
User profiles look like this:
http://www.sky-mp3.com/index.php?action=cm&siteid=59&wahl=artists&tat=details&keyid=477siteid 59 is the artists list and the keyid at the end is the ID of the artist but should be like: http://www.sky-mp3.com/mischuraor in worse case like: http://www.sky-mp3.com/user/mischuraCMS pages look like this: http://www.sky-mp3.com/index.php?siteid=106but should be like: http://www.sky-mp3.com/charts(page name instead of siteid) What I know so far: - I have to add something to the .htaccess file - I need to change something in the code (but I don`t know where) Im good he? What would be the first step on the path to clean URLs for me? I found alot of infos here and there but found nothing yet for this specific case. Kind regards from and thx in advance from Cologne Does anyone have any idea why my inputs shrink (to default height and weight) after i press submit button? I use css width and height for inputs. All other settings (border, background color etc.) remain like they should. For form submit i use PHP self function where i check if submit button has been pressed and then perform the form action. Thank you Hi! I wanna know what is the best way to secure my inputs? Now I'm using something like this function:
public function z($var) {
$result1 = htmlspecialchars($var);
$result = mysqli_real_escape_string($this->conn, $result1);
return $result;
}
but I don't know how secure it is from all inputs... It couldn't be that with that my site is completely secure... So I wanna know what else I should use... I found something about PHP sanitize filters and similar... Same for mail, should I use that for e-mail, what should I use for e-mails as I think this 2 codes will brake character @ necessary for emails. Any suggestion is welcome Thanks II have been told that I should sanitize my inputs, what does that mean? Isn't that what trim does? |
|||||||