Re: multiple forms one page

On Mon, Aug 27, 2012 at 12:08 AM, Rosie Williams
<rosiemariewilliams@xxxxxxxxxxx> wrote:
>
> Hi all,
> I am a newbie to PHP. I have several php forms which were originally on separate pages now included in the one page. Each form had the following code in it:
> function mysql_fix_string($string){
>     if (get_magic_quotes_gpc()) $string = stripslashes($string);
>     return mysql_real_escape_string($string);
> }
> function mysql_entities_fix_string($string){
>     return htmlentities(mysql_fix_string($string));
> }
> However I am only able to include it in one of the forms on the new page with multiple scripts due to the fatal error that I can only declare the function once.

You only have to declare the function(s) once, then you can use them
later in the page. You can also put code into files and then
dynamically include them in other files to make it easier to share
functionality.

> So for testing I have commented these lines out of the other scripts. I need to know what the security implications of this are?

For security, the simple rule (at least in terms of statement of
intent, not necessarily in terms of implementation) is that you should
validate input and escape output according to context. Without seeing
more code, it's hard to tell what this means for your particular
example.

> Do the scripts that do not contain these lines run without it or is it included automatically every time the database is accessed regardless of which script is accessing it?
> If not how do I deal with it?
> thanks in advance
> Rosie

Hard to know from your example. There are some great resources
covering general PHP security practices that can help you get up to
speed a bit. Here's an oldie but goodie that might help shed some
light on some of the code you're seeing:
http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html

Happy learning!

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
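
One way to apply the advice in the reply above (declare shared helpers once, validate input, escape output according to context), as an added example that is not code from the thread or its participants. It swaps `mysql_real_escape_string` for PDO bound parameters and assumes PHP 7+ with the pdo_sqlite extension; `html_out`, `valid_name`, `save_name`, the file name `form_helpers.php` and the `people` table are hypothetical, and the submissions are constructed.

```php
<?php
// In a real page the three functions below would live in one shared file
// (hypothetical name: form_helpers.php) that every form script loads with
// require_once, so each function is declared exactly once per request.

// HTML context: escape at output time. This has nothing to do with SQL safety.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Input validation: trim, reject empty or over-long values.
function valid_name(?string $raw, int $max = 50): ?string
{
    $name = trim((string) $raw);
    return ($name === '' || strlen($name) > $max) ? null : $name;
}

// SQL context: a bound parameter, so no manual escaping of the value.
function save_name(PDO $db, string $name): void
{
    $stmt = $db->prepare('INSERT INTO people (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

// Several "forms" on one page sharing the helpers above.
$db = new PDO('sqlite::memory:'); // assumption: pdo_sqlite is available
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (name TEXT NOT NULL)');

// Constructed sample submissions standing in for $_POST from each form.
$submissions = [
    'form_a' => ['name' => "O'Brien <b>bold</b>"],
    'form_b' => ['name' => 'Ann "Q" & Co'],
    'form_c' => ['name' => '   '],
];

foreach ($submissions as $form => $post) {
    $name = valid_name($post['name'] ?? null);
    if ($name === null) {
        echo html_out($form), ": rejected (empty or too long)\n";
        continue;
    }
    save_name($db, $name); // stored unmodified, quotes and markup included
}

// Values are escaped only when they are written into HTML.
foreach ($db->query('SELECT name FROM people') as $row) {
    echo '<li>', html_out($row['name']), "</li>\n";
}
```

Keeping the stored value raw and escaping per output context avoids the double-encoding that results from passing data through `htmlentities` before it reaches the database.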


