
spoofedform.php

<html>
<body>
Spoofed Form Security
<form action="receive.php" method="POST">
Nama:
<input type="text" name="nama"><br>
Warna Favorit: <select name="color">
<option value="red">red</option>
<option value="green">green</option>
<option value="blue">blue</option>
</select>
<input type="submit">
</form>
</body>
</html>

receive.php

<?php

// Read the two form fields; default to an empty string when a field is missing
$nama  = isset($_POST['nama'])  ? $_POST['nama']  : '';
$color = isset($_POST['color']) ? $_POST['color'] : '';

// escape output (HTML-encode <, >, &, " and ')

$newnama  = htmlspecialchars($nama, ENT_QUOTES);
$newcolor = htmlspecialchars($color, ENT_QUOTES);

// filter input (strip a blacklist of characters)
// RemoveBad is declared below; PHP hoists top-level function declarations,
// so calling it here works.

$newnama  = RemoveBad($newnama);
$newcolor = RemoveBad($newcolor);

function RemoveBad($strTemp) {
    // remove < > | % ; ( ) & + and - from the string
    $strTemp = preg_replace('/<|>|\||%|;|\(|\)|&|\+|-/i', '', $strTemp);
    return $strTemp;
}

?>

It works already. I would like to filter out more symbols from the name input, such as :, $ and @.

How? What should I add next to i?

Last Post by niranga

Try,

$strTemp = preg_replace('/<|>|\||%|;|\(|\)|&|\+|-|:|\x24|@/i', '', $strTemp);

NOTE: \x24 will replace $ sign
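The thread stops at extending the blacklist. As an added example (not code from the poster or from the reply above), the script below shows the blacklist regex with :, $ and @ included beside the approach that actually addresses a spoofed form: re-checking "color" against the options the form offers and validating "nama" against an allow-list of expected characters, with HTML escaping done once at output time. The field names "nama" and "color" come from the question; the allowed colours, the name rule, the length limit and the sample submissions are constructed for this example.

```php
<?php
// Added example: server-side validation for the spoofed-form scenario above.
// Field names are from the question; all other values are assumptions.

// Options the form actually offers. A spoofed form can submit any value for
// "color", so the server re-checks the value instead of trusting the <select>.
const ALLOWED_COLORS = ['red', 'green', 'blue'];

// Blacklist filter from the thread with ':', '$' and '@' added, written as a
// character class. Kept here only for comparison with the allow-list below.
function removeBad(string $s): string {
    return preg_replace('/[<>|%;()&+\-:$@]/', '', $s);
}

// Allow-list validation: accept only what a name is expected to contain and
// reject everything else outright rather than silently stripping characters.
// Returns null when the input is rejected.
function validateNama(string $nama): ?string {
    $nama = trim($nama);
    if ($nama === '' || strlen($nama) > 64) {   // assumed length limit
        return null;
    }
    // Letters (any script), spaces, apostrophes, dots and hyphens only
    if (!preg_match('/^[\p{L} .\'-]+$/u', $nama)) {
        return null;
    }
    return $nama;
}

// A value not in the list means the form was tampered with or spoofed.
function validateColor(string $color): ?string {
    return in_array($color, ALLOWED_COLORS, true) ? $color : null;
}

// Process one submission and return what would be rendered. Escaping happens
// here, at output time, after validation rather than before filtering.
function handleSubmission(array $post): array {
    $nama  = validateNama((string)($post['nama'] ?? ''));
    $color = validateColor((string)($post['color'] ?? ''));

    if ($nama === null || $color === null) {
        return ['ok' => false, 'error' => 'Invalid input'];
    }
    return [
        'ok'    => true,
        'nama'  => htmlspecialchars($nama, ENT_QUOTES, 'UTF-8'),
        'color' => $color,
    ];
}

// Constructed submissions: one normal, two of the kind a spoofed form can send.
$samples = [
    ['nama' => 'Budi Santoso',              'color' => 'green'],
    ['nama' => '<script>alert(1)</script>', 'color' => 'red'],
    ['nama' => 'Ani',                       'color' => 'purple'], // not offered by the form
];

foreach ($samples as $s) {
    echo 'blacklist result: ' . removeBad($s['nama']) . "\n";
    print_r(handleSubmission($s));
}
```

Run it from the command line with php; the second sample shows the difference between the two approaches: the blacklist turns the script tag into the string scriptalert1/script and lets it through, while the allow-list rejects the submission because / is not a permitted name character. The third sample is accepted by the blacklist but rejected by the colour check, which is the check a spoofed form is designed to bypass.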
