ben03 Posted December 17, 2020 Share Posted December 17, 2020 Hi there, I was using the https://www.w3schools.com/php/php_form_validation.asp tutorial to create a form that strips out malicious tags etc via the following. However when I receive the form the tags seem to be intact. Is what I am doing wrong and how should I correct it if so? <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> <?php $phone = $location = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { $phone = test_input($_POST["phone"]); $location = test_input($_POST["location"]); $toEmail = 'email@address.com'; $emailSubject = 'Callback request form'; $headers = ['From' => 'homepage', 'Reply-To' => 'noreply', 'Content-type' => 'text/html; charset=iso-8859-1']; $bodyParagraphs = ["Callback request number: {$phone}<br />", "Location: {$location}"]; $body = join(PHP_EOL, $bodyParagraphs); if (mail($toEmail, $emailSubject, $body, $headers)) { echo '<p>Thank you for your interest, we will respond as soon as possible.</p>'; } else { echo '<p>Something went wrong. Please try again later.</p>'; } } function test_input($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; } ?> Link to comment Share on other sites More sharing options...
Ingolme Posted December 18, 2020 Share Posted December 18, 2020 The tags aren't removed, they're just converted into text so that they can't be interpreted as HTML. Link to comment Share on other sites More sharing options...
ben03 Posted December 18, 2020 Author Share Posted December 18, 2020 ah ok, thanks Ingolme. Are there other security concerns with forms that should be addressed or does this technique generally cover most? Link to comment Share on other sites More sharing options...
niche Posted December 19, 2020 Share Posted December 19, 2020 Potentially, there are all kinds to potential security issues not covered by: http:// https://www.w3schools.com/php/php_form_validation.asp Everything from malicious attacks to cleaning inputs. Link to comment Share on other sites More sharing options...
niche Posted December 19, 2020 Share Posted December 19, 2020 Just now, niche said: Potentially, there are all kinds to potential security issues not covered by: http:// https://www.w3schools.com/php/php_form_validation.asp Everything from malicious attacks to cleaning inputs. EDIT: PDO doesn't even cover them all. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now