Stop scripts being added to database
I have a form that uses iRite to allow customers to add text to the database. Because it's sending HTML to the database for the text formatting, how do I stop people also adding <scripts> to the text?
You will need to add replace functionality to the code that inserts into your database. Basically you will need to replace the <scripts> tags with an empty string.
I could help you with that if you paste the code that inserts into your database.
Thank you Dani
The elements in question are short_desc and long_desc.
<?php
// WA Application Builder Insert
if ($_SERVER["REQUEST_METHOD"] == "POST") // Trigger
{
  $WA_connection = $brighton;
  $WA_table = "directory";
  $WA_sessionName = "directory_company_id";
  $WA_redirectURL = "add_business_thankyou.php";
  $WA_keepQueryString = false;
  $WA_indexField = "company_id";
  $WA_fieldNamesStr = "name|user_name|sales_code|listing_type|cart_id|business_name|address1|city|county|postcode|email|website|telephone|fax|region|short_desc|long_desc|character|date|logo";
  // Raw $_POST values, joined with "|" in the same order as the field names; no filtering is applied here.
  $WA_fieldValuesStr = "".((isset($_POST["name"]))?$_POST["name"]:"") ."" . "|" .
    "".((isset($_POST["user_name"]))?$_POST["user_name"]:"") ."" . "|" .
    "".((isset($_POST["sales_code"]))?$_POST["sales_code"]:"") ."" . "|" .
    "".((isset($_POST["listing_type"]))?$_POST["listing_type"]:"") ."" . "|" .
    "".((isset($_POST["cart_id"]))?$_POST["cart_id"]:"") ."" . "|" .
    "".((isset($_POST["business_name"]))?$_POST["business_name"]:"") ."" . "|" .
    "".((isset($_POST["address1"]))?$_POST["address1"]:"") ."" . "|" .
    "".((isset($_POST["city"]))?$_POST["city"]:"") ."" . "|" .
    "".((isset($_POST["county"]))?$_POST["county"]:"") ."" . "|" .
    "".((isset($_POST["postcode"]))?$_POST["postcode"]:"") ."" . "|" .
    "".((isset($_POST["email"]))?$_POST["email"]:"") ."" . "|" .
    "".((isset($_POST["website"]))?$_POST["website"]:"") ."" . "|" .
    "".((isset($_POST["telephone"]))?$_POST["telephone"]:"") ."" . "|" .
    "".((isset($_POST["fax"]))?$_POST["fax"]:"") ."" . "|" .
    "".((isset($_POST["region"]))?$_POST["region"]:"") ."" . "|" .
    "".((isset($_POST["short_desc"]))?$_POST["short_desc"]:"") ."" . "|" .
    "".((isset($_POST["long_desc"]))?$_POST["long_desc"]:"") ."" . "|" .
    "".((isset($_POST["character"]))?$_POST["character"]:"") ."" . "|" .
    "".((isset($_POST["date"]))?$_POST["date"]:"") ."" . "|" .
    "".$WA_DFP_UploadStatus["WA_UploadResult1"]["serverFileName"] ."";
  // Quoting descriptor for each column, one entry per field.
  $WA_columnTypesStr = "',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''";
  $WA_fieldNames = explode("|", $WA_fieldNamesStr);
  $WA_fieldValues = explode("|", $WA_fieldValuesStr);
  $WA_columns = explode("|", $WA_columnTypesStr);
  $WA_connectionDB = $database_brighton;
  mysql_select_db($WA_connectionDB, $WA_connection);
  if (!session_id()) session_start();
  // Build and run the INSERT, then remember the new row id in the session.
  $insertParamsObj = WA_AB_generateInsertParams($WA_fieldNames, $WA_columns, $WA_fieldValues, -1);
  $WA_Sql = "INSERT INTO `" . $WA_table . "` (" . $insertParamsObj->WA_tableValues . ") VALUES (" . $insertParamsObj->WA_dbValues . ")";
  $MM_editCmd = mysql_query($WA_Sql, $WA_connection) or die(mysql_error());
  $_SESSION[$WA_sessionName] = mysql_insert_id();
  if ($WA_redirectURL != "") {
    if ($WA_keepQueryString && $WA_redirectURL != "" && isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] !== "" && sizeof($_POST) > 0) {
      $WA_redirectURL .= ((strpos($WA_redirectURL, '?') === false)?"?":"&").$_SERVER["QUERY_STRING"];
    }
    header("Location: ".$WA_redirectURL);
  }
}
?>
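Dani's suggestion above is to strip the <scripts> tags before the insert runs, and the posted code shows where that has to happen: the values go straight from $_POST into $WA_fieldValuesStr. The block below is an added example, not WebAssist's code or the poster's, of a safer form of that check. A plain string replace of "<script>" misses upper-case tags, extra whitespace, event-handler attributes such as onmouseover, and javascript: links; parsing the HTML and keeping only known-good tags and attributes covers all of those at once. It assumes PHP 7 or later with the DOM extension; the function names (sanitizeHtml, cleanNode, safeUrl), the allowed tag list, and the sample inputs are all assumptions constructed for this illustration.

```php
<?php
// Added example (not WebAssist or forum code): parser-based allow-list HTML
// sanitiser for the rich-text fields short_desc and long_desc.
// Assumes PHP 7+ with the DOM extension. Names and samples are constructed.

// Elements a customer may keep, mapped to the attributes allowed on each.
// Anything else (script, style, iframe, on* handlers, ...) is removed.
const ALLOWED_TAGS = [
    'p' => [], 'br' => [], 'b' => [], 'strong' => [], 'i' => [], 'em' => [],
    'u' => [], 'ul' => [], 'ol' => [], 'li' => [], 'h2' => [], 'h3' => [],
    'a' => ['href', 'title'],
];

// Tags whose text content is discarded together with the tag itself.
const DROP_CONTENT_TAGS = ['script', 'style', 'iframe', 'object', 'embed', 'noscript'];

// URL schemes permitted in href; javascript:, data:, vbscript: etc. fail this.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

function safeUrl(string $url): bool
{
    // Browsers ignore control characters and spaces inside a scheme, so strip
    // them before checking; entity-encoded forms were already decoded by the parser.
    $probe = preg_replace('/[\x00-\x20\x7f]/', '', $url);
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $probe, $m)) {
        return true; // relative URL, no scheme to check
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
}

function cleanNode(DOMNode $node): void
{
    // Walk children backwards so removals do not disturb the index.
    for ($i = $node->childNodes->length - 1; $i >= 0; $i--) {
        $child = $node->childNodes->item($i);
        if ($child->nodeType === XML_COMMENT_NODE || $child->nodeType === XML_PI_NODE) {
            $node->removeChild($child);
            continue;
        }
        if ($child->nodeType !== XML_ELEMENT_NODE) {
            continue; // text nodes are escaped again on re-serialisation
        }
        $tag = strtolower($child->nodeName);
        if (in_array($tag, DROP_CONTENT_TAGS, true)) {
            $node->removeChild($child);
            continue;
        }
        if (!isset(ALLOWED_TAGS[$tag])) {
            // Unknown tag: clean its subtree, then unwrap it so the text survives.
            cleanNode($child);
            while ($child->firstChild !== null) {
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        // Allowed tag: keep only allow-listed attributes with safe values.
        for ($j = $child->attributes->length - 1; $j >= 0; $j--) {
            $attr = $child->attributes->item($j);
            $name = strtolower($attr->nodeName);
            if (!in_array($name, ALLOWED_TAGS[$tag], true)
                || ($name === 'href' && !safeUrl($attr->nodeValue))) {
                $child->removeAttributeNode($attr);
            }
        }
        cleanNode($child);
    }
}

function sanitizeHtml(string $html): string
{
    if (trim($html) === '') {
        return '';
    }
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // editor output is rarely well-formed
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    cleanNode($body);

    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Hook for the generated insert: run this before the "WA Application Builder
// Insert" block so that block reads the cleaned values from $_POST.
foreach (['short_desc', 'long_desc'] as $field) {
    if (isset($_POST[$field]) && is_string($_POST[$field])) {
        $_POST[$field] = sanitizeHtml($_POST[$field]);
    }
}

// Constructed samples showing what a plain str_replace('<script>', ...) misses.
if (PHP_SAPI === 'cli') {
    $samples = [
        '<p>Open <b>Mon-Fri</b></p><script>/* injected */</script>',
        '<P onmouseover="/* handler */">Case and attributes</P>',
        '<a href="javascript:/* scheme */">Our site</a>',
        '<a href="https://example.com/">Our site</a>',
    ];
    foreach ($samples as $sample) {
        echo sanitizeHtml($sample), PHP_EOL;
    }
}
```

Place the hook above the generated block in the same file so the sanitised values are what end up in $WA_fieldValuesStr; run the file from the command line to see the four constructed samples cleaned. One separate caveat visible in the posted code: because the values are joined and split on "|", a pipe character typed into any field shifts every field after it, so it is worth rejecting or encoding that character in the same place.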
I have attached a file which contains the changed code. I would recommend comparing the two files to see the changes that I have made.
Let me know if you still have any other questions.
Looks too simple, I will try it and keep my fingers crossed.