BaLtAzAr


  1. Can someone tell me what's wrong with this code. In a nice add anything you do not want to add, cat_id. Can someone tell me where is the mistake here

    <?php
    include_once('podesavanja.php');
    session_start();

    function kategorije($id = null){
        $categories = array();
        $query = mysql_query("SELECT `id`, `ime` FROM `cat`");
        while($row = mysql_fetch_assoc($query)){
            $categories = $row;
        }
    }

    if (isset($_POST['naslov']) && isset($_POST['tekst']) && isset($_POST['cat'])){
        $naslov = $_POST['naslov'];
        $cat = (int) $ime;
        $tekst = $_POST['tekst'];
        $date = date ("Y-m-d H:i:s");
        $naslov = strip_tags($naslov,"<a><abbr><acronym><address><applet><area><b><base><basefont><bdo><big><blockquote><br><button><caption><center><cite><col><colgroup><dd><del><dfn><dir><div><dl><dt><em><fieldset><font><form><h1><h2><h3><h4><h5><h6><hr><i><img><input><ins><isindex><kbd><label><legend><li><link><map><menu><object><ol><optgroup><option><p><param><pre><q><s><samp><select><small><span><strike><strong><style><sub><sup><table><tbody><td><textarea><tfoot><th><title><tr><tt><u><ul><var>");
        $tekst = strip_tags($tekst,"<a><abbr><acronym><address><applet><area><b><base><basefont><bdo><big><blockquote><br><button><caption><center><cite><col><colgroup><dd><del><dfn><dir><div><dl><dt><em><fieldset><font><form><h1><h2><h3><h4><h5><h6><hr><i><img><input><ins><isindex><kbd><label><legend><li><link><map><menu><object><ol><optgroup><option><p><param><pre><q><s><samp><select><small><span><strike><strong><style><sub><sup><table><tbody><td><textarea><tfoot><th><title><tr><tt><u><ul><var>");
        if(empty($naslov)){
            $error = "Molim vas unesite naslov!!!";
        }
        if(strlen($naslov) > 255){
            $error = "Naslov nesme sadrzati vise od 255 slova!!!";
        }
        if(empty($tekst)){
            $error = "Molim vas unesite tekst!!!";
        }
        if(empty($error)){
            $q = mysql_query("INSERT INTO `".$db_user."`.`blog` (`id`, `naslov`, `blog`, `addedby`, `Date`, `cat_id`) VALUES (NULL, '".$naslov."', '".$tekst."', '".$_SESSION['username']."', '".$date."', '".$cat."');");
            die ("uspesno dodat artikal: 
    ".$naslov." Vratite se na admin-cp <a href=\"admin.php\">Admin cp </a><br /> ");
        }
    }
    if($_SESSION['username'])
        echo "Dobrodosli ovde dodajete artikle vasem blogu ";
    else
        die ("Morate biti ulogovani dabiste videli ovo stranicu <form action='login.php' method='post'><input type='submit' value='Login' /></form>");
    ?>
    <html>
    <head>
    <link rel="stylesheet" type="text/css" href="style/style.css" />
    </head>
    <body>
    <form action="addnew.php" method="post">
    <?php
    if(! empty($error)){
        echo "<ul><li>".$error."</li></ul>";
    }
    ?>
    Naslov:<input type="text" name="naslov"/><br /><br /><br />
    <label for="tekst">Tekst:</label></br>
    <textarea name="tekst" id="data" style="width:500px; height: 300px;"></textarea><br />
    <select name="cat">
    <?php
    foreach(kategorije() as $category){
    ?>
    <option value="<?php echo $category['id']; ?>"><?php echo $category['name']; ?></option>
    <?php
    }
    ?>
    </select></br>
    <input type="submit" name="posalji" value="posalji" id="sub"/>
    </form>
    <form action="logout.php" method="post">
    <input type="submit" name="logout" value="logout" id="sub"/>
    </form>
    <a href="admin.php">Admin cp </a><br />
    </body>
    </html>
  2. BaLtAzAr

    Blog Script Help

    Can you write me some code to prohibit entry of XSS code and php scripts to redirect? Sorry for bad English
  3. BaLtAzAr

    Blog Script Help

    Hello everyone. I am learning php and I started with the development of blog scripts. Most of the scripts I did for example:

    - Admin can add post
    - Admin can edit post
    - Admin can delete the post
    - Admin can give another user admin
    - Admin can change any code
    - Admin can delete someone admin

    This is only the v1 in the next version will be much more bothering me but now if one admin to another user, admin, and now the admin through the form they want to add a post and put in a post such as:

    <script type="text/javascript">window.location = ("http://www.google.com")</script>

    Now when someone wants to look at this post because it will not be able to redirect it to the site www.google.com

    Posts are entered via the form to the mysql database

    Now I want to deprive any unso script or to prohibit entry <script> iltag to deprive <?php header('Location: http://www.yoursite.com/new_page.html'); ?>

    Thanks in advance
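
Added example, not part of the original posts: it stores the post text unchanged through a bound-parameter INSERT and HTML-encodes it at display time, so the `<script>` redirect from the last post is shown as text instead of running. It does not rely on the `strip_tags` allow-list from the first post, which leaves attributes on allowed tags untouched. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL `blog` table, and `add_post`, `e` and `render_post` are hypothetical helper names.

```php
<?php
// Added example, not the poster's code. In-memory SQLite (via PDO) stands in
// for the MySQL `blog` table so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blog (id INTEGER PRIMARY KEY, naslov TEXT, blog TEXT, addedby TEXT, cat_id INTEGER)');

// Hypothetical helper: store the post exactly as typed, using bound parameters
// so quotes in the title or text cannot alter the INSERT statement.
function add_post(PDO $pdo, string $naslov, string $tekst, string $user, int $cat): int
{
    if ($naslov === '' || strlen($naslov) > 255 || $tekst === '') {
        throw new InvalidArgumentException('Title (max 255 chars) and text are required');
    }
    $stmt = $pdo->prepare('INSERT INTO blog (naslov, blog, addedby, cat_id) VALUES (?, ?, ?, ?)');
    $stmt->execute([$naslov, $tekst, $user, $cat]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: encode on output, so stored markup is displayed as text.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: build the HTML for one post; every database value is encoded.
function render_post(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT naslov, blog, addedby FROM blog WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>Post not found</p>';
    }
    return '<h2>' . e($row['naslov']) . '</h2>'
         . '<p>' . nl2br(e($row['blog'])) . '</p>'
         . '<small>' . e($row['addedby']) . '</small>';
}

// Constructed input: the redirect script from the post, plus a title containing a quote.
$payload = '<script type="text/javascript">window.location = ("http://www.google.com")</script>';
$id = add_post($pdo, "Admin's test", $payload, 'admin2', 1);
echo render_post($pdo, $id), PHP_EOL;
```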