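<?php
require_once '../../../lib/pusher/Pusher.php';
include '../../config.php';   // expected to define APP_KEY, APP_SECRET, APP_ID, PRESENCE_CHANNEL_NAME
require_once 'Activity.php';
date_default_timezone_set('UTC');

// Validate the payload before touching it. The original read $_POST['chat_info']
// first and then only *reported* the 400 without stopping, so a request with no
// payload still reached sanitise_input() and the Pusher trigger below.
if (!isset($_POST['chat_info'])) {
    header("HTTP/1.0 400 Bad Request");
    echo 'chat_info must be provided';
    exit;
}
$chat_info = $_POST['chat_info'];

// sanitise_input() indexes $chat_info['email'], i.e. it expects the
// chat_info[...] form fields as an array. A bare scalar (chat_info=foo) is
// rejected here instead of being handed to code that indexes into a string.
if (!is_array($chat_info)) {
    header("HTTP/1.0 400 Bad Request");
    echo 'chat_info must be an object';
    exit;
}

$options = sanitise_input($chat_info);
// NOTE(review): sanitise_input() is cut off at the end of this listing —
// confirm it always sets $options['text'] before it is read here.
$activity = new Activity('chat-message', $options['text'], $options);
$pusher   = new Pusher(APP_KEY, APP_SECRET, APP_ID);
$data     = $activity->getMessage();
// The trailing `true` is passed through unchanged. NOTE(review): in the Pusher
// PHP library that position looks like the debug flag — confirm it is intended
// for production, because the raw response is echoed back to the client below.
$response = $pusher->trigger(PRESENCE_CHANNEL_NAME, 'chat_message', $data, null, true);

header('Cache-Control: no-cache, must-revalidate');
header('Content-type: application/json');
echo json_encode(array('activity' => $data, 'pusherResponse' => $response));

/**
 * Turn a referer URL into a channel-name-safe string: every run of non-word
 * characters (this covers ':', '/', '%', '#') collapses to a single '-'.
 * Not called in this file; behaviour unchanged.
 *
 * @param string $http_referer
 * @return string only [A-Za-z0-9_] and '-' remain
 */
function get_channel_name($http_referer) {
    // not allowed :, / % #
    $pattern = "/(\\W)+/";
    $channel_name = preg_replace($pattern, '-', $http_referer);
    return $channel_name;
}

// NOTE(review): the body of sanitise_input() continues past the end of this
// listing; the visible part is reproduced unchanged.
function sanitise_input($chat_info) {
    $email = isset($chat_info['email']) ? $chat_info['email'] : '';
    $options = array();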
// NOTE(review): this fragment starts inside a validation if/else chain whose
// opening is not in this listing; the closing braces below belong to scopes
// opened there.
                $errormsg = "You must give the snippet a description";
                $valid = false;
            } else {
                if (empty($_POST["body"])) {
                    $errormsg = "You must give the snippet a body";
                    $valid = false;
                }
            }
        }
    }
}

// Each field is read unconditionally: a missing key raises an undefined-index
// notice before sanitise_input() sees it. sanitise_input() itself is not
// defined in this fragment; presumably it is the trim/stripslashes/
// htmlspecialchars helper used by the sibling scripts — if so, snippet_data is
// stored HTML-encoded at rest ('<' becomes '&lt;' inside code snippets) and
// output escaping has to account for that. TODO confirm.
$tags = sanitise_input($_POST["tags"]);
$language = sanitise_input($_POST["language"]);
$title = sanitise_input($_POST["title"]);
$description = sanitise_input($_POST["description"]);
$body = sanitise_input($_POST["body"]);

if ($valid) {
    // Put the snippet in the database, get the ID of it, go to that snippet page.
    // Only the two submit buttons set $privacy_settings; if neither is posted the
    // variable is undefined (notice) and null is written to privacy_setting.
    if (isset($_POST['button-public'])) {
        $privacy_settings = "public";
    } else {
        if (isset($_POST['button-private'])) {
            $privacy_settings = "private";
        }
    }
    // NOTE(review): no login check is visible in this fragment before the
    // session user id is read — confirm the caller enforces authentication,
    // and that the form carries a CSRF token (none is checked here).
    $user_id = $_SESSION['login_user']['id'];
    // $database->insert() takes an associative array, which looks like a
    // query-builder call that binds values itself — assumed, not visible here.
    $snippet_id = $database->insert("snippets", ["creator_id" => $user_id, "created_date" => date('Y-m-d H:i:s'), "privacy_setting" => $privacy_settings, "title" => $title, "language" => $language, "tags" => $tags, "updated_date" => date('Y-m-d H:i:s'), "updated_by_id" => $user_id, "description" => $description, "snippet_data" => $body, "total_rating" => 0, "total_favs" => 0]);
    if ($snippet_id > 0) {
        // NOTE(review): the listing ends here; confirm an exit follows the
        // redirect so the rest of the page is not rendered after the header.
        header("Location: snippet?s=" . $snippet_id);
// NOTE(review): the first statement and brace close a function whose head is
// outside this listing (presumably the sanitise_input() helper seen in the
// sibling scripts).
    return $data;
}

// Registration/enrolment form handler. The enclosing if block runs past the
// end of this listing and is left unchanged.
if (isset($_POST["submit"])) {
    // Every key is read unconditionally; a field the client omits raises an
    // undefined-index notice before sanitise_input() sees it.
    $firstname = sanitise_input($_POST["firstname"]);
    $lastname = sanitise_input($_POST["lastname"]);
    $email = sanitise_input($_POST["email"]);
    $streetaddress = sanitise_input($_POST["streetaddress"]);
    $suburb = sanitise_input($_POST["suburb"]);
    $state = sanitise_input($_POST["state"]);
    $postcode = sanitise_input($_POST["postcode"]);
    $phone = sanitise_input($_POST["phone"]);
    $course = sanitise_input($_POST["course"]);
    $location = sanitise_input($_POST["location"]);
    $length = sanitise_input($_POST["length"]);
    $seats = sanitise_input($_POST["seats"]);
    $comments = sanitise_input($_POST["comment"]);

    // $errMsg accumulates HTML fragments built only from fixed strings.
    $errMsg = "";
    if ($firstname == "") {
        $errMsg .= "<p>You must enter your first name.</p>";
    }
    // The pattern is unanchored: it only requires one ASCII letter somewhere,
    // so neither the 25-character limit nor "alphabetical only" is enforced
    // (/^[a-zA-Z]{1,25}$/ would match the message). There is also no != ""
    // guard, so an empty name collects both messages.
    if (!preg_match("/[a-zA-Z]{1,25}/", $firstname)) {
        $errMsg .= "<p>Maximum of 25 characters, alphabetical only for your first name.</p>";
    }
    if ($lastname == "") {
        $errMsg .= "<p>You must enter your last name.</p>";
    }
    // Same unanchored pattern as above; the message is a copy-paste and
    // says "first name" for the last-name field.
    if (!preg_match("/[a-zA-Z]{1,25}/", $lastname)) {
        $errMsg .= "<p>Maximum of 25 characters, alphabetical only for your first name.</p>";
    }
    if ($email == "") {
        $errMsg .= "<p>You must enter your email.</p>";
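/**
 * Normalise one submitted form field for later HTML output: trim, strip
 * backslashes and entity-encode HTML metacharacters.
 *
 * This is an HTML escaper only — it does not make a value safe for SQL,
 * shell or any other context.
 *
 * @param mixed $data raw $_POST value
 * @return string '' for anything that is not a scalar (a field posted as
 *                name[]= would otherwise make trim() throw on PHP 8)
 */
function sanitise_input($data) {
    if (!is_scalar($data)) {
        return '';
    }
    $data = trim((string) $data);
    // Magic-quotes-era relic kept so behaviour is unchanged: backslashes are removed.
    $data = stripslashes($data);
    // Explicit flags: before PHP 8.1 the default did not encode single quotes,
    // and without ENT_SUBSTITUTE an invalid UTF-8 sequence makes the call return ''.
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * $_POST[$key] passed through sanitise_input(), or '' when the field was not
 * submitted (avoids the undefined-index notice the bare lookup raised).
 *
 * @param string $key
 * @return string
 */
function post_string($key) {
    return sanitise_input(isset($_POST[$key]) ? $_POST[$key] : '');
}

$bname          = post_string("bfirstname");
$bstreetaddress = post_string("bstreetaddress");
$bsuburb        = post_string("bsuburb");
$bstate         = post_string("bstate");
$bpostcode      = post_string("bpostcode");
// NOTE(review): the following are raw payment-card fields read as plain
// strings. Where they go after this point is not visible here; anything that
// stores, logs or echoes them is a PCI concern — confirm.
$creditcard     = post_string("creditcard");
$creditname     = post_string("creditname");
$cardnumber     = post_string("cardnumber");
$cardexpiry     = post_string("cardexpiry");

// NOTE(review): the validation block below runs past the end of this listing
// and is left unchanged. To fix there: every preg_match() pattern is
// unanchored, so "maximum N characters" / "exactly four digits" are not
// enforced (anchor them, e.g. /^[0-9]{4}$/ and /^[a-zA-Z]{1,25}$/); the
// street-address check guards on $bname != "" instead of
// $bstreetaddress != ""; the billing-name message says 30 characters while
// the pattern allows 25.
if (isset($_POST["submit"])) {
    $errMsg = "";
    if (!preg_match("/[a-zA-Z]{1,25}/", $bname) && $bname != "") {
        $errMsg .= "<p>Maximum of 30 characters, alphabetical only for your billing name.</p>";
    }
    if (!preg_match("/.{1,40}/", $bstreetaddress) && $bname != "") {
        $errMsg .= "<p>Maximum 40 characters for your billing street address.</p>";
    }
    if (!preg_match("/.{1,20}/", $bsuburb) && $bsuburb != "") {
        $errMsg .= "<p>Maximum of 20 characters for your billing suburb.</p>";
    }
    if (!preg_match("/[0-9]{4}/", $bpostcode) && $bpostcode != "") {
        $errMsg .= "<p>Exactly four digits for your billing postcode.</p>";
    }
    function checkPostcode($bstate, $bpostcode)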
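session_start();

// NOTE(review): no authentication/authorisation check is visible in this
// fragment before vendor order queries are built — confirm the caller
// enforces a logged-in vendor.

/**
 * Normalise one submitted form field for later HTML output: trim, strip
 * backslashes and entity-encode HTML metacharacters.
 *
 * This is an HTML escaper only — it does not make a value safe for SQL
 * (see the query building below), shell or any other context.
 *
 * @param mixed $data raw $_POST value
 * @return string '' for anything that is not a scalar (a field posted as
 *                name[]= would otherwise make trim() throw on PHP 8)
 */
function sanitise_input($data) {
    if (!is_scalar($data)) {
        return '';
    }
    $data = trim((string) $data);
    // Magic-quotes-era relic kept so behaviour is unchanged: backslashes are removed.
    $data = stripslashes($data);
    // Explicit flags: before PHP 8.1 the default did not encode single quotes,
    // and without ENT_SUBSTITUTE an invalid UTF-8 sequence makes the call return ''.
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * $_POST[$key] passed through sanitise_input(), or '' when the field was not
 * submitted (avoids the undefined-index notice the bare lookup raised).
 *
 * @param string $key
 * @return string
 */
function post_string($key) {
    return sanitise_input(isset($_POST[$key]) ? $_POST[$key] : '');
}

$orderType         = post_string("orderType");
$firstNameKey      = post_string("firstNameKey");
$lastNameKey       = post_string("lastNameKey");
$productKey        = post_string("orderProduct");
$statusKey         = post_string("orderStatusKey");
$updateOrderNumber = post_string("updateOrderNumber");
$updateOrderStatus = post_string("orderStatus");
$deleteOrderNumber = post_string("deleteOrderNumber");

// NOTE(review): SQL INJECTION. The WHERE clauses below interpolate request
// values straight into SQL text that is stored in the session and executed
// elsewhere. sanitise_input() is an HTML escaper: stripslashes() removes any
// backslash escaping, and before PHP 8.1 htmlspecialchars() left the single
// quote alone, so firstNameKey=' OR '1'='1 closes the literal. Where the
// quote is entity-encoded that is an accident of HTML escaping, not an SQL
// defence, and it breaks legitimate values such as O'Brien. Store the query
// type and the raw parameters in the session instead and have the consumer
// bind them with a prepared statement (PDO::prepare / mysqli_stmt). The
// update/delete values read above presumably feed similar statements further
// down — same fix. The switch continues past the end of this listing and is
// left unchanged.
switch ($orderType) {
    case "all":
        $_SESSION["vendorQuery"] = "SELECT * FROM orders ORDER BY order_id";
        break;
    case "name":
        $_SESSION["vendorQuery"] = "SELECT * FROM orders WHERE firstname='{$firstNameKey}' AND lastname='{$lastNameKey}'";
        break;
    case "product":
        $_SESSION["vendorQuery"] = "SELECT * FROM orders WHERE course='{$productKey}'";
        break;
    case "status":
        $_SESSION["vendorQuery"] = "SELECT * FROM orders WHERE order_status='{$statusKey}'";
        break;
    case "cost":
        $_SESSION["vendorQuery"] = "SELECT * FROM orders ORDER BY cost";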