Quote:
Originally Posted by kisazeky
I included this
PHP Code:
$id = $_POST["id"];
$id = preg_replace("/[^a-zA-Z0-9s]/", "", $id);
$newname = $_POST["newname"];
$newname = preg_replace("/[^a-zA-Z0-9\\040.]/", "", $newname);
What do I need to include to filter these injections, Rsmiley?
Edit: Maybe this will protect it?
Adding this to functions.php:
PHP Code:
function cleanQuery($string)
{
    // prevents duplicate backslashes
    if (get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    // version_compare() compares version numbers; a plain string >= does not
    if (version_compare(phpversion(), '4.3.0', '>=')) {
        $string = mysql_real_escape_string($string);
    } else {
        $string = mysql_escape_string($string);
    }
    return $string;
}
Then adding this line in rename2.php:
PHP Code:
if (isset($_POST['newname'])) $newname = cleanQuery($_POST['newname']);
What do you think Rsmiley?
It certainly does not hurt anything.
EDIT: I'm assuming that
PHP Code:
if (isset($_POST['newname'])) $newname = cleanQuery($_POST['newname']);
goes here:
Code:
$newname = $_POST["newname"];
but I get this error: "
PHP Error Message
Parse error: syntax error, unexpected T_IF in /home/---------/public_html/rename2.php on line 78
Free Web Hosting"
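
An added example, not code from either poster: the rename step from this thread written with an allow-list check and a bound-parameter query instead of string escaping. It assumes PHP 7 or later with the pdo_sqlite extension; the `pets` table, its columns, the function names and the sample inputs are hypothetical, and an in-memory SQLite database stands in for the site's MySQL database.

```php
<?php
// Added example. Table "pets", its columns and both function names are hypothetical.

// Allow-list check using the same character classes as the thread's
// preg_replace patterns, but rejecting bad input instead of stripping it.
function validRenameInput(string $id, string $newname): bool
{
    return preg_match('/\A[a-zA-Z0-9]{1,20}\z/', $id) === 1
        && preg_match('/\A[a-zA-Z0-9 .]{1,30}\z/', $newname) === 1;
}

// Values are bound as parameters, so they never become part of the SQL text.
function renamePet(PDO $db, string $id, string $newname): bool
{
    if (!validRenameInput($id, $newname)) {
        return false;
    }
    $stmt = $db->prepare('UPDATE pets SET name = :name WHERE id = :id');
    $stmt->execute([':name' => $newname, ':id' => $id]);
    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pets (id TEXT PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO pets (id, name) VALUES ('a1', 'Rex'), ('b2', 'Tom')");

// Constructed sample inputs, in the shape rename2.php receives from $_POST.
$samples = [
    ['id' => 'a1', 'newname' => 'Mr. Whiskers'],
    ['id' => 'b2', 'newname' => "x', name='y"],     // quote characters
    ['id' => 'a1 OR 1=1', 'newname' => 'Everyone'], // spaces and "=" in the id
];
foreach ($samples as $post) {
    $ok = renamePet($db, $post['id'], $post['newname']);
    printf("%-10s %-14s %s\n", $post['id'], $post['newname'], $ok ? 'renamed' : 'rejected');
}

// Show the final table contents.
foreach ($db->query('SELECT id, name FROM pets ORDER BY id') as $row) {
    printf("%s => %s\n", $row['id'], $row['name']);
}
```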