Hi,

I had not really been aware of this before, but a client has told us that our forms are vulnerable to attacks, so we have to change them. I found a function that should fix this problem, but we are unsure how to implement it in our code. Here is our script:

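<?php
// Spectroscopy enquiry form handler.
//
// Reads the posted fields, validates the required ones and, when everything is
// valid, mails the submission and redirects to thanks.php. The field variables
// ($Name, $Company_Name, ...) and the *_error strings stay in scope for the HTML
// form that follows this block, so their names are deliberately unchanged.
//
// On the "XSS" question: nothing is sanitised here on purpose. Filtering input
// with a blacklist (such as a RemoveXSS-style function) is incomplete by
// design; the reliable fix is to escape each value at the point where it is
// written into HTML, i.e. htmlspecialchars($Name, ENT_QUOTES, 'UTF-8') inside
// the form template. The e-mail body is plain text and needs no HTML escaping.
//
// The pasted original had lost its operators ("$valid 1;", "mail($a$b$c)");
// they are restored here to what the surrounding code makes unambiguous.

//# Include the connections script to make a database connection.
include("inc/connect.inc");

/**
 * Return one posted field as a string, or '' when it was not sent.
 *
 * Going through this helper avoids "undefined index" notices on the first
 * (GET) page load and guarantees the named fields are strings: a client can
 * post an array for any field name, which would break string functions later.
 * Surrounding whitespace is trimmed so "   " does not pass the required check.
 *
 * NOTE(review): assumes the named fields are single-value text inputs; a
 * multi-value control (checkbox group) would be reduced to '' here. The
 * generic e-mail loop below still handles arrays.
 *
 * @param string $key  name attribute of the form field
 * @return string
 */
function enquiryPostField($key)
{
    if (!isset($_POST[$key]) || is_array($_POST[$key])) {
        return '';
    }
    return trim((string) $_POST[$key]);
}

// Always defined so the form template can echo them without notices.
$Name_error = '';
$Company_Name_error = '';
$Telephone_error = '';
$antispambox_error = '';

//# The fields all follow this patern.
//# If you do not require an error check for a field then just read it and
//# skip the error check.
$Tabletop_Microscope = enquiryPostField('Tabletop_Microscope');
$Name = enquiryPostField('Name');
$Company_Name = enquiryPostField('Company_Name');
$Telephone = enquiryPostField('Telephone');
$Email = enquiryPostField('Email');
$Web_Site_Comments = enquiryPostField('Web_Site_Comments');
$antispambox = enquiryPostField('antispambox');

//# The form should post to itself.
if (!empty($_POST['submit'])) {

    $valid = 1;

    // Compared with === '' rather than empty() so a legitimate value of "0"
    // is not rejected.
    if ($Name === '') {
        $valid = 0;
        $Name_error = '<b><font face="Tahoma" color="#FF0000" size=4><span class="style57">Please Enter your Name</span></font></b>';
    }

    if ($Company_Name === '') {
        $valid = 0;
        $Company_Name_error = '<b><font face="Tahoma" color="#FF0000" size=4><span class="style57">Please Enter your Company Name</span></font></b>';
    }

    if ($Telephone === '') {
        $valid = 0;
        $Telephone_error = '<b><font face="Tahoma" color="#FF0000" size=4><span class="style57">Please Enter your Telephone Number</span></font></b>';
    }

    //# The anti-spam box must match the number printed in the form. Because
    //# the expected value is a fixed constant it only stops the most naive
    //# bots; it is not a real CAPTCHA and does not protect against CSRF.
    if ($antispambox !== '73634') {
        $valid = 0;
        $antispambox_error = '<b><font face="Tahoma" color="#FF0000" size=4><span class="style57">Please Enter the Numbers as shown in bold</span></font></b>';
    }

    // End of error checking.

    if ($valid == 1) {

        // In testing, if you get a Bad referer error comment out or remove
        // the next four lines.
        // The Referer header is supplied by the client and is routinely
        // absent (privacy settings, HTTPS downgrades) or trivially forged,
        // so this is a convenience check only; a per-session form token is
        // the standard way to tie a submission to a page we served.
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        if ($referer === '' || strpos($referer, $_SERVER['HTTP_HOST']) === false) {
            die("Bad referer");
        }

        // Build a plain-text summary of every posted field.
        // stripslashes() is a leftover from the magic_quotes era (removed in
        // PHP 5.4); it is kept so existing installs behave the same.
        $msg = "This is the information received from the Spectroscopy Enquiry Form.:\n\n";
        foreach ($_POST as $key => $val) {
            if (is_array($val)) {
                $msg .= "Item: $key\n";
                foreach ($val as $v) {
                    $v = stripslashes($v);
                    $msg .= "***$v\n";
                }
            } else {
                $val = stripslashes($val);
                // The separator between key and value was lost in the paste;
                // ": " is used here.
                $msg .= "$key: $val\n";
            }
        }

        $recipient = "*****";
        $subject = "Enquiry Form";

        // Recipient and subject are fixed strings and no extra headers are
        // built from user input, so mail() cannot be used for header
        // injection here. Keep it that way if a Reply-To is added later:
        // validate $Email with filter_var(..., FILTER_VALIDATE_EMAIL) first.
        error_reporting(0);
        if (mail($recipient, $subject, $msg)) {
            // Redirect BEFORE any output: once something has been echoed the
            // Location header can no longer be sent.
            header("Location: thanks.php");
            exit;
        }

        echo "An error occurred and the message could not be sent.";
        exit;
    }
}
?>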
And here is the function. Can someone tell me whether we have to run this function on every field in the form?

function RemoveXSS($val) { 
    
// remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed 
    // this prevents some character re-spacing such as <java\0script> 
    // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs 
    
$val preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/'''$val); 
     
    
// straight replacements, the user should never need these since they're normal characters 
    // this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29> 
    
$search 'abcdefghijklmnopqrstuvwxyz'
    
$search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
    
$search .= '1234567890!@#$%^&*()'
    
$search .= '~`";:?+/={}[]-_|\'\\'
    for (
$i 0$i strlen($search); $i++) { 
        
// ;? matches the ;, which is optional 
        // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars 
     
        // &#x0040 @ search for the hex values 
        
$val preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i'$search[$i], $val); // with a ; 
        // &#00064 @ 0{0,7} matches '0' zero to seven times 
        
$val preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/'$search[$i], $val); // with a ; 
    

     
    
// now the only remaining whitespace attacks are \t, \n, and \r 
    
$ra1 = Array('javascript''vbscript''expression''applet''meta''xml''blink''link''style''script''embed''object''iframe''frame''frameset''ilayer''layer''bgsound''title''base'); 
    
$ra2 = Array('onabort''onactivate''onafterprint''onafterupdate''onbeforeactivate''onbeforecopy''onbeforecut''onbeforedeactivate''onbeforeeditfocus''onbeforepaste''onbeforeprint''onbeforeunload''onbeforeupdate''onblur''onbounce''oncellchange''onchange''onclick''oncontextmenu''oncontrolselect''oncopy''oncut''ondataavailable''ondatasetchanged''ondatasetcomplete''ondblclick''ondeactivate''ondrag''ondragend''ondragenter''ondragleave''ondragover''ondragstart''ondrop''onerror''onerrorupdate''onfilterchange''onfinish''onfocus''onfocusin''onfocusout''onhelp''onkeydown''onkeypress''onkeyup''onlayoutcomplete''onload''onlosecapture''onmousedown''onmouseenter''onmouseleave''onmousemove''onmouseout''onmouseover''onmouseup''onmousewheel''onmove''onmoveend''onmovestart''onpaste''onpropertychange''onreadystatechange''onreset''onresize''onresizeend''onresizestart''onrowenter''onrowexit''onrowsdelete''onrowsinserted''onscroll''onselect''onselectionchange''onselectstart''onstart''onstop''onsubmit''onunload'); 
    
$ra array_merge($ra1$ra2); 
     
    
$found true// keep replacing as long as the previous round replaced something 
    
while ($found == true) { 
        
$val_before $val
        for (
$i 0$i sizeof($ra); $i++) { 
            
$pattern '/'
            for (
$j 0$j strlen($ra[$i]); $j++) { 
                if (
$j 0) { 
                    
$pattern .= '('
                    
$pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?'
                    
$pattern .= '|(&#0{0,8}([9][10][13]);?)?'
                    
$pattern .= ')?'
                } 
                
$pattern .= $ra[$i][$j]; 
            } 
            
$pattern .= '/i'
            
$replacement substr($ra[$i], 02).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag 
            
$val preg_replace($pattern$replacement$val); // filter out the hex tags 
            
if ($val_before == $val) { 
                
// no replacements were made, so exit the loop 
                
$found false
            } 
        } 
    } 
    return 
$val