Sunday, May 29, 2011

Security PHP part(3)

Assalamualaikum and selamat sejahtera

In the previous post we learned a function that simply prints out any special characters or code as plain text. Unfortunately that function is not very flexible, because some special characters or tags are not harmful and we may want to let them through. So in this post we will learn a function that lets us select which tags are allowed: the selected tags are still rendered, while everything else is stripped instead of being printed straight out. Words alone do not explain it as well as a picture, right? So below I show you the function I am talking about.

The function is:  strip_tags($string, $allowed_tags);  where the second argument lists the tags that are allowed to stay; every other tag is stripped.

So here is the situation: we want to strengthen the security by blocking any tag that might be harmful, such as an anchor tag (<A HREF="aaa"></A>) that links to another website. But the bold tag (<B></B>) is not a harmful tag, right? It just makes some text bold. To make this happen, first copy the previous code, then find these lines:

$name = $_POST['name'];
echo $name;

and change it to this:

$name = $_POST['name'];
$name = strip_tags($name, "<B>");
echo $name;

Run it, and type the code below into the textbox, then click the 'send' button:

<B>Hye,i'm a bold text</B>

It should display like this, right?

That's all for today! Any questions? Just ask here.

Note: So we can unblock any tag that we want, but only one type of tag at a time.

Saturday, May 28, 2011

Security PHP part(2)

Assalamualaikum and selamat sejahtera

Wow, it's been a long time since I stopped posting. Well, when something happens there must be a reason for it, right? Huhuhu... the reason is that I have been quite busy recently doing some homework, like sweeping the leaves, throwing out some trash, reading comics (Shin Chan), sleeping and some other jobs that I think are quite reasonable to do, haha. Okay, enough of this nonsense; now let's just continue what we have not finished yet.

To follow this post, please refer to the previous post first.

There are a lot of ways to tackle this attack, so for this post we will learn only two functions that protect against it.

So, the first function is htmlspecialchars(). Here is the example:

First copy this code:

<html>
<head>
<title>Security PHP</title>
</head>
<body>

<?php
// When the form is submitted, echo the submitted name back to the page.
// The value is printed without any escaping: this is the unsafe starting
// point that the rest of this post fixes.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $name = $_POST['name'];
    echo $name;
}
?>

<form method="post" action="SecurityinPHP.php">
<input type="text" name="name" value="Test full name">
<input type="submit" name="Submit" value="send">
</form>

</body>
</html>


and then try to change these lines:

$name = $_POST['name'];
echo $name;

to this:

$name = $_POST['name'];
$name = htmlspecialchars($name);
echo $name;

Then run your code, type the code below into the textbox, and click the "send" button:

"<A HREF ="dummysite">A Bad/Virused Site</A>"

It should display like this, right:

So this means that the page no longer interprets any special characters or code typed into the textbox, as it did in the previous post. It simply prints the code or special characters as text without interpreting them. That is quite safe, right? But what if the attacker uses a language other than English, like Russian, German or Arabic? Do not worry, we have another, more flexible function called htmlentities(). To test it, just replace htmlspecialchars() with it in the code.
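As an added example (not code from the original posts), here are the three functions from part 2 and part 3 applied to the same inputs side by side, including the anchor and bold tags used above. The render_* function names and the sample strings are my own, and the inputs are constructed rather than read from $_POST.

```php
<?php
// Added example: compare the three treatments of untrusted form input.
// In the real form the value would come from $_POST['name'].

// htmlspecialchars(): every <, >, &, " and ' becomes an entity, so the
// browser displays markup as text instead of interpreting it.
function render_escaped(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// htmlentities(): same as above, but also encodes every character that has
// a named entity, e.g. "é" becomes "&eacute;".
function render_entities(string $input): string
{
    return htmlentities($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// strip_tags() with <b> on the allow list, as in part 3: <a> is removed,
// <b> is kept (tag names are matched case-insensitively, so <B> stays too).
// Caveat: attributes on an allowed tag are kept as well, so an allow list
// alone does not make the kept tag safe to display.
function render_stripped(string $input): string
{
    return strip_tags($input, '<b>');
}

// Constructed sample inputs.
$samples = [
    '<A HREF="dummysite">A Bad/Virused Site</A>',
    "<B>Hye,i'm a bold text</B>",
    '<b style="color:red">bold with an attribute</b>',
    'café',
];

foreach ($samples as $s) {
    printf("input:            %s\n", $s);
    printf("htmlspecialchars: %s\n", render_escaped($s));
    printf("htmlentities:     %s\n", render_entities($s));
    printf("strip_tags(<b>):  %s\n\n", render_stripped($s));
}
```

Only the last sample shows a difference between htmlspecialchars() and htmlentities(); the third sample shows the attribute surviving strip_tags() on the allowed <b> tag.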

Thank you, that's all for today. See you next time, hahaha.


Note: I prefer htmlentities() over htmlspecialchars(). If you have something to ask or to add, just comment here. ^^