Filltering

**GiLL** · 09.01.10, 16:52

Originally posted by GumSlone View Post

this is not a good solution to prevent mysql injection

yeah but at last it can stop special characters and we can use mysql_real_escape_string also bad char function or lets use

PHP Code:


if(!get_magic_quotes_gpc()) 

{ 

  $_GET = array_map('mysql_real_escape_string', $_GET);  

  $_POST = array_map('mysql_real_escape_string', $_POST);  

  $_COOKIE = array_map('mysql_real_escape_string', $_COOKIE); 

} 

else 

{   

   $_GET = array_map('stripslashes', $_GET);  

   $_POST = array_map('stripslashes', $_POST);  

   $_COOKIE = array_map('stripslashes', $_COOKIE); 

   $_GET = array_map('mysql_real_escape_string', $_GET);  

   $_POST = array_map('mysql_real_escape_string', $_POST);  

   $_COOKIE = array_map('mysql_real_escape_string', $_COOKIE); 

}

**ripkk2tfk** · 09.01.10, 16:58

Ok im using mysql_real_escape_string in XAMPP but the special characters are still going in the database

**GumSlone** · 09.01.10, 17:08

ok,
so you want to prevent mysql injection or filter special chars?

1. if you want to filter special chars use the first code ive posted,
2. if you want to prevent mysql injection use mysql_real_escape_string
3. if you want to filter chars and prevent mysql injection use both.
4. and if you only want to check username for special chars you can use this:

PHP Code:


if (preg_match("/[^\da-zA-Z-._]+/", $username))

            $error .= 'Incorrect username! Please avoid spaces and special chars.';

fershtein?

**ripkk2tfk** · 09.01.10, 17:42

Thank you I got it working

**kei_ki7** · 14.01.10, 21:48

Originally posted by GiLL View Post

put this in your confg.php or ini.php

PHP Code:


function scharin($word)
{
  $chars = "abcdefghijklmnopqrstuvwxyz0123456789";
  for($i=0;$i<strlen($word);$i++)
  {
    $ch = substr($word,$i,1);
  $nol = substr_count($chars,$ch);
  if($nol==0)
  {
    return true;
  }
  }
  return false;
}

put this line in your register.php and you replace $login to your user name etc

PHP Code:


if(scharin($login) == true) $error=$error.'Invalid Characters in Nick!<br/>';

and

PHP Code:


if(strlen($login)<3) $error=$error.'Nick should be Minimum of 3 words!<br/>';

if you need more and strong filter send me pm will tell you

3 letters

just correcting

**CreativityKills** · 14.01.10, 21:58

just use htmlpurifier instead of gills cheap attempt at data filteration.

**GiLL** · 15.01.10, 03:33

Originally posted by mobileGIGS View Post

just use htmlpurifier instead of gills cheap attempt at data filteration.

i wouldnt help any more your master then give him code and help him instead making nonsense comments mind it i dont care what ever you know or who are you and next time dont quote my post

**CreativityKills** · 16.01.10, 07:23

And if quote u u will. . .?

Oh pls, save ur **** talk. All im sayin is if u want to filter, do it ryt or dnt do it at all. Try htmlpurifier or gills. Ur choice. Gills simpler and easier to implement, and d other is harder. Your choice.

**GiLL** · 16.01.10, 07:33

don't be over smart always seen you many time and never use cheap word what ever at last it could help some time and some where easy way if you were said use htmlpurifier instead cheap got it ? i am not posting get here mod status even don't need your suggestion or any type argue

Filltering

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment