spoofedform.php
<html>
Spoofed Form Security
<form action="receive.php" method="POST">
Nama:
<input type="text" name="nama"><br>
Warna Favorit: <select name="color">
<option value="red">red</option>
<option value="green">green</option>
<option value="blue">blue</option>
</select>
<input type="submit">
</form>
</html>
receive.php
<?php
$nama = isset($_POST['nama']) ? $_POST['nama'] : '';
$color = isset($_POST['color']) ? $_POST['color'] : '';
// filter input first: stripping & and ; after htmlspecialchars() would
// mangle the entities it produces (e.g. &lt; would become lt)
$newnama = RemoveBad($nama);
$newcolor = RemoveBad($color);
// escape output
$newnama = htmlspecialchars($newnama, ENT_QUOTES);
$newcolor = htmlspecialchars($newcolor, ENT_QUOTES);
// blacklist filter: remove the listed symbols from the string
function RemoveBad($strTemp) {
$strTemp = preg_replace('/<|>|\||%|;|\(|\)|&|\+|-/i', '', $strTemp);
return $strTemp;
}
?>
It works already. I would like to filter out more symbols from the name input, such as $ and @.
How? What should I add next to i?
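The following is an added example, not code from the question above. It shows the extended regex (a character class with $ and @ added, where $ needs no escaping inside [...] and the /i flag does nothing since no letters are matched), and beside it the two checks a practitioner would prefer over a blacklist: a whitelist of the characters a name actually needs, and validation of the select field against its known values. It also runs the filter before htmlspecialchars(), because stripping & and ; after escaping would destroy the entities the escape produced. The function names AllowName and ValidColor are assumed here; only the form field names come from the original.

```php
<?php
// Added example, not from the original post. Field names (nama, color)
// follow the original form; AllowName and ValidColor are illustrative names.

// Blacklist version with $ and @ added. A character class replaces the
// alternation; the /i flag is dropped because no letters are matched.
function RemoveBad(string $strTemp): string {
    return preg_replace('/[<>|%;()&+\-$@]/', '', $strTemp);
}

// Whitelist version: keep only letters (any script), digits, spaces,
// apostrophes and hyphens; everything not on the list is dropped, so new
// "bad" symbols never need to be enumerated.
function AllowName(string $strTemp): string {
    return preg_replace('/[^\p{L}\p{N} \'\-]/u', '', $strTemp);
}

// The select only ever offers three values, so validate against that list
// instead of filtering characters out of whatever a spoofed form sends.
function ValidColor(string $color): string {
    $allowed = ['red', 'green', 'blue'];
    return in_array($color, $allowed, true) ? $color : '';
}

$nama  = $_POST['nama']  ?? '';
$color = $_POST['color'] ?? '';

// Filter/validate input first, escape on output last.
$newnama  = AllowName($nama);      // or RemoveBad($nama) for the blacklist
$newcolor = ValidColor($color);

echo 'Nama: ' . htmlspecialchars($newnama, ENT_QUOTES, 'UTF-8') . "<br>\n";
echo 'Warna Favorit: ' . htmlspecialchars($newcolor, ENT_QUOTES, 'UTF-8') . "<br>\n";
```

With the blacklist, a constructed input such as `J<script>@example$;` comes out as `Jscriptexample`; with AllowName the same input comes out as `Jscriptexample` as well, but AllowName also rejects any future symbol without the regex having to be edited again, which is the reason to prefer it for a name field.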