Quite secure PHP form input with POST (and also GET) method

Posted by Syeilendra Pramuditya on October 19, 2018

<?php
print '
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>PHP Form Input</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="form1" method="post" action="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).'">
  <input name="text1" type="text" id="text1" size="50">
  <input name="submit" type="submit" id="submit" value="Submit">
</form>
</body>
</html>
';

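// Normalise one submitted value before it is echoed back into the page.
function test_input($data){
  $data = trim($data);
  // Replace quote, backtick, dollar and semicolon characters with "^".
  $data = str_replace("'", "^", $data);
  $data = str_replace("`", "^", $data);
  $data = str_replace('"', '^', $data);
  $data = str_replace('$', '^', $data);
  $data = str_replace(';', '^', $data);
  // Encode the remaining HTML metacharacters (&, <, >).
  $data = htmlspecialchars($data);
  // Backslash-escape backslashes and NUL bytes (quotes were replaced above).
  $data = addslashes($data);
  return $data;
}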

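// Echo the value only when the form was posted and text1 is a plain string.
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['text1']) && is_string($_POST['text1'])) {
  $text1 = test_input($_POST['text1']);
  print '<h1>'.$text1.'</h1>';
}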
?>
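
Added example (not the original post's code): one way to accept `text1` from either POST or GET, as the title mentions, rejecting malformed values at input and encoding only at output with `htmlspecialchars` set to the charset the page declares. The helper names `read_field()`, `h()` and `text1_from_request()`, the 200-byte limit and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; helper names and limits below are hypothetical.
const MAX_LEN = 200;               // assumed upper bound for the field
const PAGE_CHARSET = 'ISO-8859-1'; // matches the charset in the page's <meta> tag

// Return the field as a trimmed string, or null when it is absent, not a
// plain string (e.g. text1[]=x), empty, too long, or contains control bytes.
function read_field(array $source, string $name, int $maxLen = MAX_LEN): ?string {
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return null;
    }
    $value = trim($source[$name]);
    if ($value === '' || strlen($value) > $maxLen
        || preg_match('/[\x00-\x08\x0A-\x1F\x7F]/', $value)) {
        return null; // reject instead of silently rewriting the input
    }
    return $value;
}

// Encode for an HTML body or quoted-attribute context, at output time.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, PAGE_CHARSET);
}

// Take the field from POST when the form was posted, otherwise from GET.
function text1_from_request(string $method, array $post, array $get): ?string {
    return $method === 'POST' ? read_field($post, 'text1') : read_field($get, 'text1');
}

// Constructed sample requests so the script also runs from the command line.
// In a page, call text1_from_request($_SERVER['REQUEST_METHOD'], $_POST, $_GET).
$samples = [
    ['POST', ['text1' => ' <b>bold</b> & more '], []],
    ['GET',  [], ['text1' => 'O\'Reilly "quoted" $5; ok']],
    ['POST', ['text1' => ['array', 'input']], []],
    ['GET',  [], ['text1' => str_repeat('A', 500)]],
];
foreach ($samples as [$method, $post, $get]) {
    $text1 = text1_from_request($method, $post, $get);
    echo $text1 === null ? "rejected\n" : '<h1>' . h($text1) . "</h1>\n";
}
```

Because the value is stored and compared unmodified and encoded only when printed, quotes, `$` and `;` survive intact in the rendered text while still being inert in HTML.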
