Tracking Forums, Newsgroups, Maling Lists
Home Scripts Tutorials Tracker Forums
 
  HOME    TRACKER    PHP




Filtering Out Bad Input


I am currently building a website, with a built in news and comment, so far i know have been able to filter out thing such as swear words, however is it possible to filter of say f someone held down the ===================================================== ============= key

Is there a way to prevent this or will i have to have some sort of statement that counts how many times the = or other char is grouped together?




View Complete Forum Thread with Replies
See Related Forum Messages: Follow the Links Below to View Complete Thread
User Input Filtering
I have a comments system. In this comment system, people can enter certain strings, and it will break my page layout. Such as repeated characters with no spaces. It will just blow the table way out of proportion and completely ruin my layout. How can I break their input up if such a thing happens? Also, how can you number an array of data that is being withdrawn from the database DESC? Such as..

Quote1. itemnumber1
2. itemnumber2
3. itemnumber3
4. itemnumber4
Filtering User Input...
I want to take text that a user inputs and store it into a variable.  That's the easy part.
I have and array of 30 elements that I want to store the inputted text into.

So.. here's an example...
- I want a user to enter text.
- I'll store it into a variable like $inputText.
- I want to split the text from $inputText into 30 equal sections and store each section into an element in the variable.
- I don't care if the words get separated during the filter, as long as the whitespaces stay where they are.

Could anyone give me some tips to help me get started or point me towards a tutorial or something?
$_POST Behavior From Input=submit Vs Input-type=button
I have been trying to solve an annoying behavior with PHP (I think).
Maybe some of you have encountered the same and have some ideas.

I have an html form and I use an <input type="button"> element with
the onClick event that calls a javascript funtion. Once the script's
content has been processed, I execute the form.submit() directive.

I would like to combine the html form and the PHP script into one, and
use action="<?php echo($PHP_SELF) ?>".

When the html form has <input type="button" name="theButton"
value="thisisthetrigger" onclick="doThis(this.form)">but PHP cannot
'read' the value of $_POST["theButton"] after form.submit().

If I substitute the <input type="button"> for <input type="submit">
then PHP reads the value just fine. Some may argue to just use the
latter option, but that will cost me a trip back to the server to
basically do a lot of validation that can be very easily accomplished
on the client side.
Filtering HTML With PHP
I am using PHP to set up a message board which interfaces with a mySQL database. I am trying to filter malicious HTML code that users would try to leave on the message board. I want to strip all HTML tags except the <A HREF> tag.
Filtering RSS Content
I need to install an rss aggregator on a website. The catch is that it
should only pull in items from feeds which contain certain keywords.

Any idea how this can be done or if such a content managing software
already exists?

Dirty Filtering
does any one has a list of dirty words, do not post in this forum, but show me url. PHP Code:
Username Filtering
I'm having problems with regular expressions. How could i check if a variable has only letters and numbers in it?
Price Filtering
I am having an issue with filtering price from a form variable so maybe someone can tell me how I'm screwing this up.

I have a search page that has 3 criterias for search - category 'cat', price 'price' and location 'area'. I am using Dreamweaver 8 for this project. I can create the query for both cat and area for the double filter, but when i get to price it removes all the records from view.

I removed the 2 working queries and am now focusing on the 'price' query. My SQL looks something like this: Code:
Filtering Data
I've got a question which is more aimed at drumming up some opinions/starting a discussion then looking for a "right answer".  I am writing an application and I wanted to hear some suggestions on how to handle the filtering of data from the user.  The data is all coming in through one class where it is then passed as arguments to methods down the hierarchy, so it seems to make sense to do the checking at that top point.

However what isn't as clear is whether the regular expressions (or some alternative) used should be exclusively set by the top level class.  For instance I see that Cake (a framework) has a protected _validation array which Models can set with their own regex.

I am not a huge fan of this approach because it leaves the array protected, and because it may be responsibility that goes past the role of the class.  In fact I'd prefer a method which didn't rely so heavily on regex in the first place as I find regex hard to maintain.

So what solutions have you come up with to handle input?  I'm looking for suggestions which are flexible enough to accomodate unforseen changes in security, but simple enough to be implemented in a single class (or a single method).

To kick this off here's my current solution (somewhat described above)
if (!is_array($this->_validation))
throw new Exception("Unable to validate data bad validation hash found");

$result = array();
foreach ($arguments as $key => $value)
{
$pattern = $this->_validation[$key];
if ($pattern == null)
throw new Exception("The submitted data has no corresponding pattern and can not be evaluated");
if (!preg_match($pattern, $value))
throw new Exception("The submitted data was invalid");
$result[$key] = $value;
}
return $result;
IP Filtering By Country
Does anyone know of some good ways to filter traffic by country?

I can only monetize US, UK, and Canada traffic, but must send them to a different thing for each country.

All other countries I would like to send somewhere else.
Filtering XML Results
I'm in the process of creating a page that displays multiple lines of inventory for a bunch of products (let's call them 'widgets'). The widgets are listed in XML format (they'll end up being pulled from a MySQL DB eventually). Code:
Filtering Of Characters
Does filtering of certain characters make a search engine more efficient?

Speical characters such as ~!@#$%^&*()_+
Error Filtering Bad Language
I have a dynamic shout box service, and I need to filter bad language, so i wrote a function on how it should work. PHP Code:
Filtering Out Keywords In A Search!
I have about 1100 movie titles in a database. I am trying to do a simple search engine and have seperated each keyword using the following code:

$q = $_GET['q'];
if ($q) {
$q = strtolower($q);
$k = split(" ", $q);
$num_keywords = count($k);
for ($i=0; $i<$num_keywords; $i++) {
if ($i) {
$search_string .= "OR moviename LIKE '%" . $k[$i] . "%' "; }
else {
$search_string .= "moviename LIKE '%" . $k[$i] . "%' "; }
} end for
$and .= "WHERE ($search_string) ";
} //end if

$querycount = "SELECT * FROM titles $and";

rest of code...
This works ok, but if I type something in like 'The Killer' it fetches everything with the word 'the' as well.

I have put the words into an array that I want to filter out.

$skipwords = array("the", "of", "and"); etc

Can I use that to filter out the words? I`ve been playing around with the in_array() function, but can`t seem to get it to work like I want it to.
Audio Filtering Via PHP, Program
I have been tasked with trying to find a way to complete this
project... I'm not sure if it is possible, but hopefully you guys can
provide some insight...

I need to create a web application that will allow a visitor to record
their voice into an audio file, then apply different filters/effects
to it (like robot, lady, etc.), and send it to a friend. I haven't the
slightest clue where to begin on doing something such as this. I
searched google for a similar functionality, and have come up empty
handed. Has anyone seen anything like this done, or an application
that would do something like this, PHP or otherwise?
Filtering A Db With A Start And End Date
I have a MySQL table with a datetime field. I need to make a PHP script that will take all rows whose datetime field falls within that of a user-specified begin and end time. Anyone have a code snippet to do that?
DVD Id Is Incorrect After Filtering Results
I am making a basic DVD shop and after having produced code which displays a
list of DVDs from my database, I implemented a search facility which enables
the user to search by title, director or actor.

The user can also browse the DVDs by genre. However, when the DVDs are
filtered, the id that is used to select a DVD and add it to the basket is
incorrect as they are output in a sequential manner and so the DVD placed
into the basket will be that matching the id. Here is the loop that outputs
the DVDs (I have a DVDID field as you probably have guessed):

if (mysql_num_rows ($getdvds_query))
{
for ($id = 0; $dvd[] = mysql_fetch_assoc ($getdvds_query); $id++)
{
echo "<tr>
";
echo "<td>{$dvd[$id][title]}</td>
";
echo "<td>{$dvd[$id][duration]}</td>
";
echo "<td>{$dvd[$id][rel]}</td>
";
echo "<td>{$dvd[$id][descr]}</td>
";
echo "<td>{$dvd[$id][genre]}</td>
";
echo "<td>{$dvd[$id][stock]}</td>
";
echo "<td>{$dvd[$id][price]}</td>
";

echo "<td><a href="$PHP_SELF?add=$id">add to basket</a></td>";
echo "</tr>
";
}
}

Here is the code that adds to the basket variable:

if (isset ($_GET['add']))
$_SESSION['trolley'][] = $_GET['add'];
else if ($_GET['op'] === 'clear')
$_SESSION['trolley'] = "";
HTTP Filtering With PHP & Apache ?
I am looking for a full example how I can achieve an http output
filtering with php on an apache 2 server. I found some hints that the
apache server supports to isntall and conifugrate such filters
http://httpd.apache.org/docs/2.0/mo...addoutputfilter
But I didn't found an example which is related to PHP.

I like to achieve for my shop using a template mechanism based on xml &
xsl with PHP. My idea is currently to use an output filter which does
the xsl transformation.
If anybody knows a tutorial or even some applicable frameworks in this
area please post me here the links.
Filtering Results With Php Query
This code works, but I don't know how to filter the results to where only one person is displayed..it displays all records with similar address or state or city, I would like to know how to make it display only one person when multiple search fields are entered.

I'm using PHP5, and I have searched the forums but I'm not sure exactly if I found what I'm looking for...I don't know much about php or mysql. Code:
Filtering Message From The Database
i have a page where people can send in MMS pictures and they get uploaded and displayed on my page, they need to type a keyword in the MMS like "sendmms" to make it work. if they also write "sendmms hey look at me" it also works since "sendmms" was at the beginning of the message and "sendmms hey look at me" get's added to the row "message" in my database. the pictures get an ID in the database and saved with the same ID on the server.

so under each picture sent in i wanted to add the comment they added after the "senmms" part.

so in short, how do i make it filter out "sendmms" and only display "hey look at me" ? and if the Page ID is let's say 13 it should display the "messsage" column for the ID in the database that has the same ID as the page ID is.
Filtering Results By DATE Value In Database
I have this code in my page for displaying some data from a database, sorted by date. i had posted a messed up version of this a while ago but I couldnt get it working even after a few suggestions. PHP Code:
Filtering A Recordset With A Session Variable
I have two forms, the Form1 and the Form2. One of the answers in the Form1 is saved in a session variable SesVar1.

In the Form2 there is a dynamic table build with a recordset. I need to filter the recordset of the Form2 with SesVar1.

I tryied to do this using a variable in the recordset window of dreamweaver, writing #SesVar1# in the run-time value of the variables for the recordset, but it didn't work.

Please HELP me out with this one. How can I filter that recordset using the value of a session variable? or the Form1's answer?
Image File Upload Filtering
I have made a file uploader,

I also made a filter, I can't make a good filter for jpeg files, but i can filter gif, can you advice, thanks

if ($_FILES["file".]["type"] == "image/gif")
bla bla bla
Filtering Selection In Multiple Drop Down Boxes
I want to allow a user to conduct a search on a database using multiple drop down boxes.
On the first page they will have a drop box filled with records from field A. Once they select which one they want, a second drop down box will then appear with records from field B which are present for field A (a filter).

What I want though is that the first dwon down box still appears on the second page, but shows the record that the user selected. What is happening now is that when the second page comes up, the first box shows the default selection rather than the selection that the user chose. My code for the drop down boxes is: PHP Code:
Filtering The Elements Of A Multi-dimensional Array
I would like to be able to filter every element of a multi-dimensional array
using htmlspecialchars() and to retain the structure of the array. I can't
see how to do this when I don't know how many dimensions the array has.
Dynamic Recursive/nested Foreach (part Deux) With Filtering
I originally wanted to figure a method to better implement a nested foreach to calculate all the permutations held within an array. After posting the topic and getting great responses an elegant solution was found. I then increased the difficulty by requesting that we also include a method to "filter" or "skip" certain values during permutation calculation. The original solution finder quickly came back with yet another code snippet listed below which acomplished the request...it was mere childs play it seems for them (sasa). I marked the topic solved as the original question had been solved.

I am creating this new thread as I am once again adding an additional layer of difficulty. The final previous solution is listed first as a reference, followed by the new and more complex problem underneath that one. My attempts to shunt in the functionality have all failed I think due to the recursive nature...any takers? Code:
How To Use Php:// Input?
I tried using php://input in the following script but nothing is output
when I run it:

<form action="test.php" method="post">
<input type="text" value="demo" />
<input type="submit" />
</form>
<?php
$fp = fopen('php://input','r');
while (!feof($fp))
echo fgets($fp);
fclose($fp);
?>

Any ideas as to what's being done wrong?
Input Box Query
Hi,

I am using the following code to check whether a user wants to delete something

function confirm_entry(loca, ques){
input_box=confirm(ques);
if (input_box==true){
document.location = loca;
}
}

how can i modify this so that if the user clicks cancel they stay on that page?
Checking Input Of An Url Or Ip?
i do use the following code:

Code:
if ($siteurl == "") {
$badreg = true;
$valid_url = false;
echo "<span class='main'><font color='#C10000'><b>Error:</b></font> Please check your url.<br>
";
} else {
$valid_url = true;
$siteurl = ereg_replace("http://", "", $siteurl);
list($domain, $file) = explode("/", $siteurl, 2);
$siteurl = "http://" . $domain . "/" . $file;
}

Any idea how i could extend the " if ($siteurl == "") { " for checking for valid domain names and ip-addresses?
Validating Input
What is the most efficient way to validate an input to conform to your
needs?

I need to make sure an input is a contiguous string with only printable
characters (english alphabet+numbers only) and no whitespace or
punctuation marks.
Input Filter?
i have been searching for a good input filter class or how-to guide.
All I found were vague concept descriptions or alpha-release or more than a
year old, dead projects.

Isn't there a comprehensive class to filter user inputs for specific
purposes such as display, sql storage and filter features such as specific
html tags, filter JS, etc etc?
Standard Input
Is there a way to read input into a php program through stdin, when the program is run through a terminal window?
User Input...
I have a form with a field that expects user to input HTML tags. I know I have to use htmlspecialchars for that input but what if the user inputs PHP code? I've looked at the help file and I can only find strip_tags which removes both PHP and HTML tags.

If a user wants to crash/corrupt/hack into your site by entering PHP code, what kind of things can he type? Must he include PHP tags to work? If he must use PHP tags, I could just write a function to remove only the PHP tags and not the HTML tags.
Input To Database
Is there a way to escape charaters from a post before inputting it into the database?

like: <br> to <br>
Remember Input Value
I have a form, after users submit it, if they leave the required fields blank, I need to let them go back to the page and fill those fields. How can I remember the values the users already filled so they don't need to fill the same fields again? Is there any other ways to do this except using cookie? Is there any 'forward' or 'redirect' function can do this?
Different Types Of Input
it is all working but all of my fields can not be typed in i need some to have the drop down menu of preselected choices(enum) some need to be the radio buttons for like Gender male or female and the would click one circle.

I do not know what i need to do to change this though do i need to change all of this stuff or just selected pieces which pieces and how would i change those piecs? PHP Code:
HELP: Getting Input From Perl Cgi To PHP.
I have this:
------------

print "<FORM name="form3" ACTION="cmdlog_rep.php">
";
print "<TD><INPUT TYPE="submit" VALUE="Submit"></TD>
";
..
print "<INPUT type="HIDDEN" name="year1" >
";
print "<INPUT type="TEXT" name="when" >
";
print "</FORM>
";

if click on submit I get this:
------------------------------
http://cpstmws2/p/cmdlog_rep.php?when=0&year1=

and I can't get the values here:
--------------------------------

<?php

// set server access variables
$when = $_REQUEST['when'];
$year1 = $_REQUEST['year1'];
..
..
echo $when;
echo "<BR>";
echo $year1;
echo "<BR> The test ends here
";
?>
---------------------------------
What am I doing wrong?
Input Form
First question:

I have an input form that upon pressing a button validates the values
entered into this form. I am using the following code recall this form if
there is an error in one of the requested fields:

<form name="form1" method="post" action= "InputForm.php" >

All works fine. However, if there is an error and this form is recalled, all
the fields are blanked out when you are brought back to the form. I'd like
for the form to retain the values that had been entered. How do I do this?

Second question:

For the fields that are in error, I'd like for the titles for the fields to
display an asterisk and change the text to red. Have any of you done this
and if so how do you implement it?
Scanner Input For PHP
I have a scanner connected to my server running Apache.

I would like to have a script that allows me to get a pdf file directly
from the scanner.

Is this do-able?
Validating Input...
What's the best method of validating input characters? I would like to
prevent users submitting exotic characters (such as those acquired on
Windows Systems by pressing ALT+[keypad number of your choice]) and thought
a way of doing this would be to compare the submitted strings with the array
keys returned by get_html_translation_table(HTML_ENTITIES), but padding this
array out with all the remaining normal keyboard characters.

But... am I reinventing the wheel? Surely there must be an existing function
along the lines of: valid_charset($str_blah, "iso-8859-01") or somesutch?!

Here's hoping...
User Input?
Is there a way to get user input from a php script that doesn't have to do
with html? I would like to ask the user(me) to input a directory(preferably
in a gui way such as a folder selection dialog) to do some work with. Is
this possible when running the script directly on my comp(not off a
server(remote or local))?

The script is a management thing that I'd like to create to help generate
some html code. Essentially I want it to scan a dir(but don't want to hard
code it) and have it generate a list of links for the files in that
dir(which are images). Maybe even asking for a description for each.

Even if it was a little shell program to change the directory(sorta like
dos) would be much better than having to enter in the directory name by
hand.
POST_VAR With Out Input
How do I just make it so I put a variable into a post data for another page with out someone having to input it into a text field? I was trying:

$HTTP_POST_VARS['login'] = $login;
$HTTP_POST_VARS['pass'] = $pass;
But it didn't work.
Php User Input
When running PHP as a binary, is there a way to ask for user input?
Input Form With Same Name
I have a problem with a form that it has of the input with the same
name: I cannot modify code HTML inserting [ ], in the variable $_POST
is always a single value, like I can recover also the others?
Input Form
I'm trying to set up an input form so when I enter information using the input form the info I type in is sent to another page and placed in a table. That I already have set up but when I hit the refresh button the data in the table is erased. Code:
Limiting Input!
I have recently started a project, and I need to limit user input. I need to make it so the user can only make 1 guess per day. It will collect all the users/guesses for one day, then at the end of the day(12 AM) I will drop all the guesses so they can start guessing again. So I just need to know how to make it so they can only make 1 guess. Code:
Sanitizing Input
Right now I sanitize input to protect against XSS

It makes it so that you cannot search for usernames with high ascii though

Such as Þ and ® and Î

Is there a way I can make it so high ascii can be used? Without removing protection against XSS?

Right now I am using htmlentities(stripslashes($value),ENT_QUOTES)
Sanitizing Input
Where could I find a good tutorial on sanitizing input from GET and POST variables?  I don't need javascript checks, because it's not a form, but do need to do some checks for XSS and SQL injections.   
Input Validation
The idea is to have a way to seperate business rules and validation rules from programming logic and have a shared set of rules for both php and javascript. Here is a code snipet to show you how much time/coding this type of framework could save you. I'm still in the early stages of development and have some issues to work through but this should give you the idea.

    include_once "xml_rule_validator.php";
   
    $xrv = new XMLRuleValidator();
    $xrv->load_from_file("xml_validation_rules.xml");
   
    $valid = $xrv->validate_php();
   
    if( !$valid )
    {
       $xrv->display_error_summary();
    }

And that's it... it would validate all get/session/post variables as specified in the xml document. So if you want to add or remove a check from a field... you make a simple change to an xml document rather than going in and hunting through lines of code. In my case I've got hundreds and hundreds of lines of code per page down to something like that.

So what are your guys thoughts? Do you have different alternatives that you think are better? Any improvements upon my idea?
Copyright © 2005-08 www.BigResource.com, All rights reserved