reGative, posted November 18, 2011:
Hi! I want to find out how this data gets checked. $_POST is submitted, for example $_POST['vards']; before checking whether it is empty it is run through trim(), and then it is inserted into the database with the function mysql_real_escape_string($_POST['vards']). On output from the database it is htmlspecialchars($_POST['vards']). Is that correct?
briedis, posted November 18, 2011:
Basically, yes.
reGative (thread author), posted November 18, 2011:
Then why, when I send "Sveiki! Šis ir komentārs!", does the result come out as "Sveiki!\nŠis ir komentārs!"? The view has htmlspecial... and nl2br(). Controller:

    if (isset($_GET['do']) and $_GET['do'] == 'comment') {
        // If everything is fine, continue
        if ($_SESSION['token'] == $_GET['token']) {
            $name     = trim($_POST['name']);
            $artcl_id = trim($_POST['artcl_id']);
            $homepage = trim($_POST['homepage']);
            $text     = trim($_POST['text']);
            $ip       = trim($_SERVER['REMOTE_ADDR']);
            if (!empty($name) and !empty($artcl_id) and !empty($text)) {
                if (!empty($homepage)) {
                    Model::factory('index')
                        ->send_commentar_with_homepage(mysql_real_escape_string($name),
                                                       mysql_real_escape_string($artcl_id),
                                                       mysql_real_escape_string($text),
                                                       mysql_real_escape_string(time()),
                                                       mysql_real_escape_string($homepage),
                                                       mysql_real_escape_string($ip));
                    Model::factory('index')->update_comment_count($artcl_id);
                } else {
                    Model::factory('index')
                        ->send_commentar(mysql_real_escape_string($name),
                                         mysql_real_escape_string($artcl_id),
                                         mysql_real_escape_string($text),
                                         mysql_real_escape_string(time()),
                                         mysql_real_escape_string($ip));
                    Model::factory('index')->update_comment_count($artcl_id);
                }
                ?>
                <script type="text/javascript">
                    alert("Paldies par komentāru! :)");
                </script>
                <meta http-equiv="REFRESH" content="0;url=/article/<?php echo $slug; ?>"/>
                <?php
            } else {
                ?>
                <script type="text/javascript">
                    alert("Kļūda! Tika ievietots tukšums! :)");
                </script>
                <meta http-equiv="REFRESH" content="0;url=/article/<?php echo $slug; ?>"/>
                <?php
            }
        } else {
            ?>
            <script type="text/javascript">
                alert("Tu esi cilvēks? :)");
            </script>
            <meta http-equiv="REFRESH" content="0;url=/article/<?php echo $slug; ?>"/>
            <?php
        }
    }
briedis, posted November 18, 2011:
What kind of perversions are these? <meta http-equiv="REFRESH" content="0;url=/article/<?php echo $slug; ?>"/> There is header("Location.. after all!!
reGative (thread author), posted November 18, 2011:
OK, maybe this method really is completely off, but can someone explain why it turns out that way (what I described in my previous post)?
Kemito, posted November 19, 2011:
Swap the order in which the functions are applied: if you currently have htmlspecialchars(nl2br()), start with nl2br(htmlspecialchars()) instead; that should work :)
daGrevis, posted November 19, 2011:
Because, really... specialchars "breaks" HTML, but what does nl2br() do? It creates HTML!
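The point made in the two replies above, as an added example that is not code from the thread: the same stored comment rendered with both orderings of nl2br() and htmlspecialchars(). The sample comment text is constructed; the input-side handling (trim, mysql_real_escape_string) from the original post is not changed here.

```php
<?php
// Added example (not from the thread): why the order of nl2br() and
// htmlspecialchars() matters when a stored comment is rendered.

// Constructed sample, as it would come back from the database: a real
// newline character plus some markup typed by the commenter.
$comment = "Sveiki!\nŠis ir komentārs! <b>bold</b>";

// Wrong order: nl2br() first inserts "<br />", then htmlspecialchars()
// encodes those tags as well, so the browser shows the text "<br />"
// instead of a line break.
function render_wrong(string $text): string
{
    return htmlspecialchars(nl2br($text), ENT_QUOTES, 'UTF-8');
}

// Right order: encode everything the user supplied first, then add the
// line breaks. The only markup left is the "<br />" that nl2br() created;
// anything the commenter typed (here "<b>bold</b>") stays plain text.
function render_right(string $text): string
{
    return nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

// Note: nl2br() only acts on real newline characters ("\n", "\r\n").
// If the stored value contains a literal backslash followed by "n",
// that is a storage problem and neither ordering will produce a <br />.

echo render_wrong($comment), PHP_EOL;
echo render_right($comment), PHP_EOL;
```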