Folks,
Isn't the following code, taught in tutorials, ridiculous?
```php
function test_input($data)
{
    $data = trim($data);
    $data = stripslashes($data); // Strips only backslashes, not forward slashes.
    $data = htmlspecialchars($data); // **
    $data = strip_tags($data);       // **
    return $data;
}
```
Note the 2 asterisked lines.
Why? Here's why...
If the input is this:
```php
$input_3 = '<a href="http://www.url.com/index.php">Link</a>';
```
Then this line is ignored:
```php
$data = strip_tags($data);
```
As the output is this:
```
<a href="
```
If strip_tags() is ignored, then what's the use of having it after the line:
```php
$data = htmlspecialchars($data);
```
See my point?
And so, the code must be either of the two:
```php
<?php
function test_input($data)
{
    $data = trim($data);
    $data = stripslashes($data); // Strips only backslashes, not forward slashes.
    $data = htmlspecialchars($data);
    return $data;
}
$input_3 = '<a href="http://www.url.com/index.php">Link</a>';
echo test_input($input_3);
?>
```
```php
<?php
function test_input($data)
{
    $data = trim($data);
    $data = stripslashes($data); // Strips only backslashes, not forward slashes.
    $data = strip_tags($data);
    return $data;
}
$input_3 = '<a href="http://www.url.com/index.php">Link</a>';
echo test_input($input_3);
?>
```
But not both, like this:
```php
<?php
function test_input($data)
{
    $data = trim($data);
    $data = stripslashes($data); // Strips only backslashes, not forward slashes.
    $data = htmlspecialchars($data);
    $data = strip_tags($data);
    return $data;
}
$input_2 = 'http://www.url.com/index.php';
$input_3 = '<a href="http://www.url.com/index.php">Link</a>';
echo test_input($input_3);
?>
```
Yes or no?
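As an added example (not part of the post above), the following PHP runs the post's input through each ordering of the two calls so the difference can be checked directly; the `sanitize()` helper and the `Tom & "Jerry"` input are constructed for this demonstration.

```php
<?php
// Added example, not the post's code: compare each ordering of
// htmlspecialchars() and strip_tags() on the post's input.
declare(strict_types=1);

// The post's trim()/stripslashes() steps followed by a caller-chosen filter list.
// sanitize() is a constructed helper for this demonstration.
function sanitize(string $data, array $filters): string
{
    $data = trim($data);
    $data = stripslashes($data); // removes backslashes only, as the post notes
    foreach ($filters as $fn) {
        $data = $fn($data);      // each $fn is a built-in PHP function name
    }
    return $data;
}

$link = '<a href="http://www.url.com/index.php">Link</a>'; // the post's $input_3
$text = 'Tom & "Jerry"'; // constructed: no tags, but HTML-significant characters

$orders = [
    'htmlspecialchars only'        => ['htmlspecialchars'],
    'strip_tags only'              => ['strip_tags'],
    'htmlspecialchars, strip_tags' => ['htmlspecialchars', 'strip_tags'],
    'strip_tags, htmlspecialchars' => ['strip_tags', 'htmlspecialchars'],
];

foreach ([$link, $text] as $input) {
    echo "input: $input\n";
    foreach ($orders as $label => $filters) {
        printf("  %-29s %s\n", $label . ':', sanitize($input, $filters));
    }
}

// htmlspecialchars() turns every '<' into '&lt;', so a strip_tags() call placed
// after it finds no tag to remove: the post's "both" version behaves exactly
// like its htmlspecialchars()-only version.
$bothVersion   = sanitize($link, ['htmlspecialchars', 'strip_tags']);
$escapeVersion = sanitize($link, ['htmlspecialchars']);
echo "strip_tags() after htmlspecialchars() is a no-op: ";
echo var_export($bothVersion === $escapeVersion, true), "\n";

// In the reverse order both calls do work: strip_tags() removes the markup and
// htmlspecialchars() then escapes the '&' and '"' that strip_tags() leaves alone,
// which matters when the result is echoed into an HTML page.
$bothReversed = sanitize($text, ['strip_tags', 'htmlspecialchars']);
$stripVersion = sanitize($text, ['strip_tags']);
echo "strip_tags() then htmlspecialchars() still changes the result: ";
echo var_export($bothReversed !== $stripVersion, true), "\n";
```

Run it with `php` on the command line; the two final lines report whether the second filter in each ordering actually changed anything.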