Spoofed Form Security

Question

davy_yg 2 Posting Whiz

12 Years Ago

spoofedform.php

<html>
Spoofed Form Security
<form action="receive.php" method="POST">
Nama:
<input type= "textbox" name="nama"></br>
Warna Favorit: <select name="color">
<option value="red">red</option>
<option value="green">green</option>
<option value="blue">blue</option>
</select>
<input type="submit">
</form>

receive.php

<?php

$nama = isset($_POST['nama']) ? $_POST ['nama'] : '';
$color =  isset($_POST['color']) ? $_POST ['color'] : '';

// escape output

$newnama = htmlspecialchars($nama, ENT_QUOTES);
$newcolor =  htmlspecialchars($color, ENT_QUOTES);

// filter input

$newnama = RemoveBad($newnama);
$newcolor = RemoveBad($newcolor);

function RemoveBad($strTemp) { 
    $strTemp = preg_replace('/<|>|\||%|;|\(|\)|&|\+|-/i', '', $strTemp);
    return $strTemp;
} 

?>

It works already. I would like to filter out more symbols form the name input such as : $ and @

how? what should I add next to i ?

php

2 Contributors
1 Reply
135 Views
21 Minutes Discussion Span
Latest Post 12 Years Ago Latest Post by niranga

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

niranga 9 Junior Poster · Answer 1 · 2012-07-11T06:42:54+00:00

Try,

$strTemp = preg_replace('/<|>|\||%|;|\(|\)|&|\+|-|:|\x24|@/i', '', $strTemp);

NOTE: \x24 will replace $ sign