
Why This Fails? filter_input(INPUT_GET, "keyword", FILTER_SANITIZE_STRING)?

Hi,

I do not understand why I get the error echoed:
**Enter a valid Keyword!**

I input “keyword” in the search box. The “keyword” is a valid string and so I should never get the error echoed!

This particular bit is causing the issue …

[code]
if($col=='keyword')
{
    if(!filter_input(INPUT_GET, "keyword", FILTER_SANITIZE_STRING))
    {
        die('Enter a valid Keyword!');
    }
    else
    {
        $keyword = $find;
    }
}
[/code]

The url is:
https://localhost/Templates/Pagination_Template.php?find=keyword&table=links&column=keyword

CONTEXT …

```php
<html>
<head>
<title>
Searchengine Result Page
</title>
</head>
<body>

<form method = 'GET' action = "">
<label for='find'>Find</label>
<input type='text' name='find' id='find'>
<br>
Table:
<input type='radio' name='table' id='sale' value='sale'><label for='sale'>Websites On Sale</label>
<input type='radio' name='table' id='sold' value='sold'><label for='sold'>Websites Sold</label>
<input type='radio' name='table' id='links' value='links'><label for='links'>Links</label>
<br>
<label for="column">Column:</label>
<select name="column" id="column">
<option value=""></option>
<option value="domain">Domain</option>
<option value="email">Email</option>
<option value="submission_id">Submission Id</option>
<option value="url">Url</option>
<option value="anchor">Anchor</option>
<option value="description">Description</option>
<option value="keyword">Keyword</option>
</select>
<br>
<button type='submit'>Search!</button>
</form>
</body>
</html>

<?php
//SECTION: WHITE-LISTS.
//Valid list of Mysql Tables.
$tables_white_list = array('sale','sold','links');
//Valid list of Mysql Table Columns.
$columns_white_list = array('email','domain','url','anchor','description','keyword');
//Banned Words List. Users cannot search these keywords.
$blacklisted_words = array('prick','dick');

//SECTION: VALIDATE SERP URL.
//Check if "table" exists or not in Url's Query String.
if(!empty(trim($_REQUEST['table'])) && is_string(trim($_REQUEST['table'])))
{
    if(in_array(trim($_REQUEST['table']),$tables_white_list)) //MySql Tbl to Search.
    {
        $tbl = trim($_REQUEST['table']);
    }
    else
    {
        die('Invalid Table!');
    }
}
else
{
    die('Select Table!');
}

//Check if "column" exists or not in Url's Query String.
if(!empty(trim($_REQUEST['column'])) && is_string(trim($_REQUEST['column'])))
{
    if(in_array(trim($_REQUEST['column']),$columns_white_list)) //MySql Tbl Col to search.
    {
        $col = trim($_REQUEST['column']);
    }
    else
    {
        die('Invalid Column!');
    }
}
else
{
    die('Select Column!');
}

//Check if "search term" exists or not in Url's Query String.
if(empty(trim($_REQUEST['find'])) || !is_string(trim($_REQUEST['find']))) //Using $_REQUEST[] for both $_REQUEST['POST'] & $_REQUEST['REQUEST'].
{
    die('Enter Keywords to search!');
}
else
{
    if(in_array(trim($_REQUEST['find']),$blacklisted_words)) //Keyword(s) to search.
    {
        die('Your search terms contains a banned word! Try some other keywords');
    }
    else
    {
        $find = $_REQUEST['find']; //Not trimming or ridding trailing spaces here as user's keyword (eg. foreign keywords or symbols) may actually contain such spaces.

        if($col=='submission_id')
        {
            if(!is_INT($find))
            {
                die('Enter a valid Submission Number! Can only be a numerical value.');
            }
            else
            {
                $submission_id = $find;
            }
        }

        if($col=='email')
        {
            if(!filter_input(INPUT_GET, "email", FILTER_VALIDATE_EMAIL))
            {
                die('Enter a valid Email!');
            }
            else
            {
                $email = $find;
            }
        }

        if($col=='domain')
        {
            if(!filter_input(INPUT_GET, "domain", FILTER_VALIDATE_DOMAIN))
            {
                die('Enter a valid Domain!');
            }
            else
            {
                $domain = $find;
            }
        }
        if($col=='url')
        {
            if(!filter_input(INPUT_GET, "url", FILTER_VALIDATE_URL))
            {
                die('Enter a valid Url!');
            }
            else
            {
                $url = $find;
            }
        }

        if($col=='anchor')
        {
            if(!filter_input(INPUT_GET, "anchor", FILTER_VALIDATE_STRING)) //HOW TO VALIDATE STRING ?
            {
                die('Enter a valid Description!');
            }
            else
            {
                $description = $find;
            }
        }

        if($col=='description')
        {
            if(!filter_input(INPUT_GET, "description", FILTER_SANITIZE_STRING)) //HOW TO VALIDATE STRING ?
            {
                die('Enter a valid Description!');
            }
            else
            {
                $description = $find;
            }
        }

        if($col=='keyword')
        {
            if(!filter_input(INPUT_GET, "keyword", FILTER_SANITIZE_STRING))
            {
                die('Enter a valid Keyword!');
            }
            else
            {
                $keyword = $find;
            }
        }
    }
}
?>
```

PHP

3 Comments(s)

@NogDog Jul 25.2021 — There is no field named "keyword" in the URL query string. (There are two fields with a _value_ of "keyword", but that's not what that function looks for.)

https://www.php.net/filter_input
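
The fix the answer above points to, as an added example that is not code from the thread: validate the value of the `find` field with a filter chosen by `column`, instead of asking `filter_input()` for a field named after the column. It goes beyond the keyword case to the other columns in the form; `validate_find()`, `RULES`, `FREE_TEXT` and the 255-byte limit are assumptions.

```php
<?php
// Added example, not the poster's code; validate_find(), RULES and FREE_TEXT are hypothetical names.
// Column => filter applied to the VALUE of the "find" field.
// (FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and no FILTER_VALIDATE_STRING exists.)
const RULES = [
    'submission_id' => FILTER_VALIDATE_INT,   // is_int() is always false for query-string text
    'email'         => FILTER_VALIDATE_EMAIL,
    'domain'        => FILTER_VALIDATE_DOMAIN,
    'url'           => FILTER_VALIDATE_URL,
];
const FREE_TEXT = ['anchor', 'description', 'keyword'];

// Returns [true, value] or [false, error message].
function validate_find(array $query): array
{
    $col  = $query['column'] ?? '';
    $find = $query['find'] ?? null;
    if (!is_string($col)) {
        return [false, 'Invalid Column!'];
    }
    if (!is_string($find) || trim($find) === '') {
        return [false, 'Enter Keywords to search!'];
    }
    if (array_key_exists($col, RULES)) {
        // Without FILTER_FLAG_HOSTNAME the domain filter only checks label lengths.
        $flags = $col === 'domain' ? FILTER_FLAG_HOSTNAME : 0;
        $ok = filter_var($find, RULES[$col], $flags) !== false; // "0" is a valid int
        return $ok ? [true, $find] : [false, "Enter a valid $col!"];
    }
    if (in_array($col, FREE_TEXT, true)) {
        // Free text has no format to validate; bound its size and reject control bytes.
        // The 255-byte limit is an assumption, not taken from the thread.
        $ok = strlen($find) <= 255 && !preg_match('/[\x00-\x1F\x7F]/', $find);
        return $ok ? [true, $find] : [false, "Enter a valid $col!"];
    }
    return [false, 'Invalid Column!'];
}

// Query string from the post: "keyword" occurs only as a value, never as a field name,
// so filter_input(INPUT_GET, 'keyword', ...) returns null and the !-test takes the die() branch.
parse_str('find=keyword&table=links&column=keyword', $query);
var_dump(array_key_exists('keyword', $query));
var_dump(validate_find($query));

// Constructed inputs for the other columns.
var_dump(validate_find(['column' => 'email', 'find' => 'not-an-address']));
var_dump(validate_find(['column' => 'submission_id', 'find' => '0']));
```

Passing validation does not make the value safe to concatenate into SQL: bind it as a prepared-statement parameter, and interpolate the table and column names only because they were matched against the whitelists.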
@developer_web (author) Jul 25.2021 — @NogDog#1634706

Thanks. Managed to fix this a few mins back.

You may close this thread.

Cheers!
@NogDog Jul 25.2021 — {"locked":true}