0

I am basically trying to capture the input information and then print it on the screen. Note that I must implement filter input and escape output. Please check whether this result is correct:

receive.php

<html>

<?php

$nama = isset($_POST['nama']) ? $_POST ['nama'] : '';
$color =  isset($_POST['color']) ? $_POST ['color'] : '';


$newnama = htmlspecialchars($nama, ENT_QUOTES);
$newcolor =  htmlspecialchars($color, ENT_QUOTES);


RemoveBad($newnama);
RemoveBad($newcolor);

// filter input

function RemoveBad($strTemp) { 
    $strTemp = $strTemp.replace("/<|>|||%|;|(|)|&|+|-/g","");
    return $strTemp;
} 

?>

<h1> Print Output </h1>
Nama  :  <?php echo $newnama ?>
Color   :  <?php echo $newcolor ?>

</html>




Fatal error: Call to undefined function replace() in C:\xampp\htdocs\php_exercise\receive.php on line 19
line 19:     $strTemp = $strTemp.replace("/<|>|||%|;|(|)|&|+|-/g","");

Edited by davy_yg: add new information

0

Use preg_replace. .replace is JS. Also, I think you need to do this:

$newnama = RemoveBad($newnama);
$newcolor = RemoveBad($newcolor);

Otherwise you're just returning the operation to nothing.

0

Warning: preg_replace() expects at least 3 parameters, 2 given in C:\xampp\htdocs\php_exercise\receive.php on line 19

0

Hi, I have modified line 19 to:

$strTemp = $strTemp.preg_replace("/\<|>|\|\|\%|\;|(|)|\&|+|-/","", $strTemp);

I tested the program:

<html>
Spoofed Form Security
<form action="receive.php" method="POST">
Nama:
<input type="textbox" name="nama"></br>
Warna Favorit: <select name="color">
<option value="red">red</option>
<option value="green">green</option>
<option value="blue">blue</option>
</select>
<input type="submit">
</form>

Nama: fasfasd(
Warna: red

Output: Nama : sdfsdfsd(sdfsdfsdColor : redred

It is supposed to delete the ( sign and all other strange signs. How?

0

I still do not understand. Can you copy my code and show me where exactly to place the backslash? You mean like this:

$strTemp = $strTemp.replace
/ ("/<|>|||%|;|(|)|&|+|-/g","");

Edited by davy_yg
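
The filter-input / escape-output flow this thread is working toward, as an added example that is not code from any poster. `remove_bad()`, `filter_color()`, `escape_html()` and `ALLOWED_COLORS` are illustrative names, and the `$post` array is constructed sample input standing in for `$_POST`.

```php
<?php
// Added example, not code from the thread. Function and constant names are
// illustrative; the sample input at the bottom is constructed.

const ALLOWED_COLORS = ['red', 'green', 'blue']; // the <select> options of the form

// Filter input: strip the characters listed in the thread's pattern.
// Inside a character class [...] the characters ( ) | + are literal, so only
// the hyphen is backslash-escaped. Written as alternation (a|b|c), each of
// ( ) | + is a regex operator unless it is preceded by a backslash.
// PCRE has no "g" modifier: preg_replace() replaces every match by default.
function remove_bad(string $value): string
{
    // preg_replace() returns the new string (null on error); use the return
    // value directly instead of concatenating it onto the original.
    return preg_replace('/[<>|%;()&+\-]/', '', $value) ?? '';
}

// Validate input: a spoofed form can submit any value, so compare against
// the allowlist instead of trusting the <select>.
function filter_color(string $value): string
{
    return in_array($value, ALLOWED_COLORS, true) ? $value : '';
}

// Escape output: applied last, at the point where the value enters HTML.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample standing in for $_POST.
$post = ['nama' => 'fasfasd(<b>"x"</b>', 'color' => 'purple'];

$nama  = remove_bad($post['nama'] ?? '');
$color = filter_color($post['color'] ?? '');

echo 'Nama  : ' . escape_html($nama) . "\n";
echo 'Color : ' . escape_html($color) . "\n";
```

Filtering runs before escaping here: if `htmlspecialchars()` runs first, the filter then strips the `&` and `;` of the entities it just produced.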
