str-replace Fatal error: Only variables can be passed by reference - php

I have this code as anti-HTML and SQL injection for an online game but it doesn't work and gives me the following error:
Fatal error: Only variables can be passed by reference
Here is my code:
$_POST = str_replace('<', '>', '\'', '\'', '\\', '<', '>', '"', '' ', '\', $_POST);
$_GET = str_replace('<', '>', '\'', '\'', '\\', '<', '>', '"', ''', '\', $_GET);
It's for the first of the two lines, but I'm sure that the problem will be for the second one too. I'm not good at PHP and these are files I took from the web.
How can I solve this?

You don't need to implement your own XSS filter, as there is already an existing one.
And you can take advantage of it in this way:
$_POST = filter($_POST);
$_GET = filter($_GET);
// No array type hint here: array_map() calls filter() again on each scalar element.
function filter($value) {
return is_array($value) ? array_map(__FUNCTION__, $value) : htmlentities($value);
}
This will filter nested arrays as well (in case your input was like name[])

Maybe like this :
$post_vars = array();
for ($i=0; $i<count($_POST); $i++)
{
$post_vars[$i] = str_replace('<', '>', '\'', '\'', '\\', '<', '>', '"', '' ', '\', $_POST[$i]);
}
Same goes for the $_GET array.
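The fatal error comes from the call shape: str_replace() takes only search, replace, subject and an optional by-reference count, so the fourth string literal lands in the by-reference slot. The following is an added example, not code from either answer: it passes the characters as arrays, and shows the usual alternative of storing input unchanged through a prepared statement and encoding it on output. The function names, the players table and the sample input are constructed, and it assumes the pdo_sqlite extension.

```php
<?php
// Added example; all names and data below are constructed for illustration.

// The search characters go into ONE array argument, not separate arguments.
function strip_markup_chars($value)
{
    if (is_array($value)) {
        return array_map(__FUNCTION__, $value); // handles name[] style input
    }
    return str_replace(array('<', '>', '"', "'", '\\'), '', (string) $value);
}

// Encode at output time, for the HTML context the value is printed into.
function html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed request data standing in for $_POST.
$post = array(
    'name' => "O'Brien <b>GM</b>",
    'tags' => array('<i>pvp</i>', 'guild\\one'),
);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE players (name TEXT)');

// The bound parameter is sent as data, so the apostrophe needs no stripping.
$stmt = $pdo->prepare('INSERT INTO players (name) VALUES (:name)');
$stmt->execute(array(':name' => $post['name']));

$stored = $pdo->query('SELECT name FROM players')->fetchColumn();

echo "stored : ", $stored, "\n";        // raw value, exactly as submitted
echo "as HTML: ", html($stored), "\n";  // safe to place in an HTML page
print_r(strip_markup_chars($post));     // the array form of the original call
```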

Related

Warning: preg_replace_callback(): Requires argument 2, 'str_replace(array('.', ',', "'", ' '), '', '\1') . '.\4'', to be a valid callback

Sorry guys, I'm not a programmer, but I like to play and add and modify programming. I'm having a problem ever since I upgraded from PHP 5 to 7.2: some of my code is not working correctly, like this one below.
function floatvalue($value)
{
return floatval(preg_replace_callback('#^([-]*[0-9\.,\' ]+?)((\.|,){1}([0-9-]{1,2}))*$#e', "str_replace(array('.', ',', \"'\", ' '), '', '\\1') . '.\\4'", $value));
}
if (!function_exists('mb_ucfirst') && function_exists('mb_substr')) {
function mb_ucfirst($string)
{
$string = mb_strtoupper(mb_substr($string, 0, 1)) . mb_substr($string, 1);
return $string;
}
}
The error I get is
Warning: preg_replace_callback(): Requires argument 2, 'str_replace(array('.', ',', "'", ' '), '', '\1') . '.\4'', to be a valid callback in /var/www...
I've been searching, but I'm not understanding what to do exactly. Can anyone help with this? Thanks!
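The /e modifier made preg_replace() evaluate the replacement string as PHP code; it was removed in PHP 7, and preg_replace_callback() expects a callable rather than a code string. Below is an added example, not from the original post, of the same floatvalue() with the replacement logic moved into a closure and the asker's pattern kept without the e flag. The sample inputs are constructed.

```php
<?php
// Added example: closure-based replacement for the removed /e modifier.
function floatvalue($value)
{
    // Same pattern as in the question, minus the trailing "e" flag.
    $pattern = '#^([-]*[0-9\.,\' ]+?)((\.|,){1}([0-9-]{1,2}))*$#';

    $normalized = preg_replace_callback(
        $pattern,
        function (array $m) {
            // Group 1: sign and integer part, possibly with thousands separators.
            $integerPart = str_replace(array('.', ',', "'", ' '), '', $m[1]);
            // Group 4: decimals; absent when the input has no decimal part.
            $decimals = isset($m[4]) ? $m[4] : '';
            return $integerPart . '.' . $decimals;
        },
        (string) $value
    );

    return floatval($normalized);
}

// Constructed sample inputs in different locale styles.
foreach (array('1.234,56', '1,234.56', "1'234.5", '42') as $sample) {
    var_dump(floatvalue($sample));
}
```

Because the matches now reach the callback as plain data in $m, nothing from the input string is ever executed as code.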

How do I get the output of phpinfo() as xml?

Is there a way to achieve this?
I found this function:
function phpinfo_array($return=true){
/* Andale! Andale! Yee-Hah! */
ob_start();
phpinfo(-1);
$pi = preg_replace(
array('#^.*<body>(.*)</body>.*$#ms', '#<h2>PHP License</h2>.*$#ms',
'#<h1>Configuration</h1>#', "#\r?\n#", "#</(h1|h2|h3|tr)>#", '# +<#',
"#[ \t]+#", '#&nbsp;#', '# +#', '# class=".*?"#', '%&#039;%',
'#<tr>(?:.*?)" src="(?:.*?)=(.*?)" alt="PHP Logo" /></a>'
.'<h1>PHP Version (.*?)</h1>(?:\n+?)</td></tr>#',
'#<h1>PHP Credits</h1>#',
'#<tr>(?:.*?)" src="(?:.*?)=(.*?)"(?:.*?)Zend Engine (.*?),(?:.*?)</tr>#',
"# +#", '#<tr>#', '#</tr>#'),
array('$1', '', '', '', '</$1>' . "\n", '<', ' ', ' ', ' ', '', ' ',
'<h2>PHP Configuration</h2>'."\n".'<tr><td>PHP Version</td><td>$2</td></tr>'.
"\n".'<tr><td>PHP Egg</td><td>$1</td></tr>',
'<tr><td>PHP Credits Egg</td><td>$1</td></tr>',
'<tr><td>Zend Engine</td><td>$2</td></tr>' . "\n" .
'<tr><td>Zend Egg</td><td>$1</td></tr>', ' ', '%S%', '%E%'),
ob_get_clean());
$sections = explode('<h2>', strip_tags($pi, '<h2><th><td>'));
unset($sections[0]);
$pi = array();
foreach($sections as $section){
$n = substr($section, 0, strpos($section, '</h2>'));
preg_match_all(
'#%S%(?:<td>(.*?)</td>)?(?:<td>(.*?)</td>)?(?:<td>(.*?)</td>)?%E%#',
$section, $askapache, PREG_SET_ORDER);
foreach($askapache as $m)
$pi[$n][$m[1]]=(!isset($m[3])||@$m[2]==$m[3])?@$m[2]:array_slice($m,2);
}
return ($return === false) ? print_r($pi) : $pi;
}
This function returns an array with the data from phpinfo() which looks quite like a hammer-method ;)
But it seems like phpinfo() provides data that cannot be obtained otherwise.
Now how can I correctly turn this complicated array into valid XML?
It looks like your function will return an array.
You can easily turn this into XML using SimpleXMLElement, by walking through your array and adding the keys and values.
There are some nice answers here.
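One way to do the walk described in the answer, as an added example that is not part of the original answer: keys from phpinfo() are often not valid XML element names, so they are stored in a name attribute, and values are encoded before addChild() because it does not escape "&". The function name array_to_xml, the element names and the sample array are constructed.

```php
<?php
// Added example: array-to-XML with SimpleXMLElement (constructed sample data).
function array_to_xml(array $data, SimpleXMLElement $parent)
{
    foreach ($data as $key => $value) {
        // Keys such as "PHP Version" contain characters that are not allowed
        // in element names, so the key goes into an attribute instead.
        if (is_array($value)) {
            $node = $parent->addChild('group');
            $node->addAttribute('name', (string) $key);
            array_to_xml($value, $node);
        } else {
            // addChild() does not escape "&" in the value, so encode it first.
            $text = htmlspecialchars((string) $value, ENT_XML1, 'UTF-8');
            $node = $parent->addChild('entry', $text);
            $node->addAttribute('name', (string) $key);
        }
    }
    return $parent;
}

// Constructed sample in the shape phpinfo_array() returns:
// section => setting => value, or a list of two values when they differ.
$info = array(
    'PHP Configuration' => array('PHP Version' => '7.2.0'),
    'Core' => array(
        'display_errors'       => array('Off', 'On'),
        'include_path'         => '.:/usr/share/php',
        'arg_separator.output' => '&',
    ),
);

$xml = array_to_xml($info, new SimpleXMLElement('<phpinfo/>'));
echo $xml->asXML(), "\n";
```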

How to create UDF (User Defined Function) in CakePHP

I have a function like this:
func_seo.php
<?php
function seo_title($s) {
$c = array (' ');
$d = array ('-','/','\\',',','.','#',':',';','\'','"','[',']','{','}',')','(','|','`','~','!','#','%','$','^','&','*','=','?','+');
$s = str_replace($d, '', $s);
$s = strtolower(str_replace($c, '-', $s));
return $s;
}
?>
I want to use the function in App::Model.
I created it like this, but it doesn't work:
<?php
class MyModel extends AppModel{
var $name = 'MyModel';
public function beforeSave(){
$this->element('func_seo'); //Function Element View/Elements/func_seo.php
$this->data['MyModel']['name_seo'] = seo_title($this->data['MyModel']['tutorial_name']);
return true;
}
}
?>
This code should go into a Helper as it formats the output. This will also make sure the code can be easily reused between projects. Best would be to put it into something like a Utils plugin and share that as a git submodule between the apps.
If you want to store the changed data persistently in the DB, make it a behaviour instead.
Your example code is wrong because it is a violation of the MVC pattern as you try to render an element in a model which is wrong.
Your variable naming is bad. $a + $b = $c. Hey, did you know that I meant to calculate a date by this? No. Always give variables meaningful names. Check the coding conventions and follow them as well. Clean Code is a good read as well.
Also pay attention to the scope keywords, don't mix var with public / protected / private. If you don't know what they mean check this page.
I don't know what's the best practice to use your own functions like this, but I would actually put the stuff from func_seo.php into a Behavior, so all of your models can use it like $this->seoTitle().
It also might be a design mistake to include your generic functions like this into the app.
You can use the function like this.
<?php
class MyModel extends AppModel {
var $name = 'MyModel';
public function beforeSave() {
$this->data['MyModel']['name_seo'] = $this->seo_title($this->data['MyModel']['tutorial_name']);
return true;
}
public function seo_title($s) {
$c = array(' ');
$d = array('-', '/', '\\', ',', '.', '#', ':', ';', '\'', '"', '[', ']', '{', '}', ')', '(', '|', '`', '~', '!', '#', '%', '$', '^', '&', '*', '=', '?', '+');
$s = str_replace($d, '', $s);
$s = strtolower(str_replace($c, '-', $s));
return $s;
}
}
?>
or you can implement this function in App controller
public function seo_title($s) {
$c = array(' ');
$d = array('-', '/', '\\', ',', '.', '#', ':', ';', '\'', '"', '[', ']', '{', '}', ')', '(', '|', '`', '~', '!', '#', '%', '$', '^', '&', '*', '=', '?', '+');
$s = str_replace($d, '', $s);
$s = strtolower(str_replace($c, '-', $s));
return $s;
}
and in your controller you can set like this
$this->request->data['MyModel']['name_seo'] =
$this->seo_title($this->request->data['MyModel']['tutorial_name']);
This function already exists as Inflector::slug

Delete special char \

How can I delete an HTML special char \ from a string?
$string = 'This is \ a string with \ special characters \';
str_replace("char_to_rep","",$string); // replacing with nothing means deleting
also ref.
how-to-remove-html-special-chars
str_replace("#"," ",$string)
try this code for all special char
use str_replace and replace special char with an empty character
Thanks a lot for the help, but is there a better way to do this below?
$post = '(&repl^eac&e_+';
function repleace($post) {
$array = array('.html', '.php', '±', '§', '!', '#', '€', '`', '#', '$', '%', '^', '&', '*', '(', ')', '+', '=', '<', '>', '?', '/', '|', '[', ']', ':', ';', ',', '~', '.');
$post = str_replace($array, '', $post);
$post = str_replace(' ', '_', $post);
$post = str_replace('-', '_', $post);
return strtolower('/'.$post.'/');
}
function($input) {
$input = preg_replace("/&#?[a-z0-9]{2,8};/i","",$input);
$input = ucfirst($input);
return $input;
}
The PHP preg_replace function with the /&#?[a-z0-9]{2,8};/i characters works fine.

Reversion Strings and replace a character - RegEx with Php

I have a doubt again on RegEx in Php.
Assume that I have a line like this
716/52 ; 250/491.1; 356/398; 382/144
I want the output to be
Replace all semi-colon with comma. I think I can do this using
$myline= str_replace(";", ",", $myline);
Interchange the numbers and replace '/' with a comma. That is, 716/52 will become 52,716. This is where I get stuck.
So, the output should be
52,716 , 491.1,250, 398,356, 144,382
I know that using sed, I can achieve it as
1,$s/^classcode:[\t ]\+\([0-9]\+\)\/\([0-9]\+\)/classcode: \2\,\1/
But, how do I do it using preg_match in php?
$str = '716/52 ; 250/491.1; 356/398; 382/144';
$str = str_replace(';', ',', $str);
$res = preg_replace_callback('~[\d.]+/[\d.]+~', 'reverse', $str);
function reverse($matches)
{
$parts = explode('/', $matches[0]);
return $parts[1] . ',' . $parts[0];
}
var_dump($res);
And working sample: http://ideone.com/BeS9j
UPD: PHP 5.3 version with anonymous functions
$str = '716/52 ; 250/491.1; 356/398; 382/144';
$str = str_replace(';', ',', $str);
$res = preg_replace_callback('~[\d.]+/[\d.]+~', function ($matches) {
$parts = explode('/', $matches[0]);
return $parts[1] . ',' . $parts[0];
}, $str);
var_dump($res);
As an alternative to Regexen you could try this:
echo join(', ', array_map(
function ($s) { return join(',', array_reverse(explode('/', trim($s)))); },
explode(';', $string)));
$str = '716/52 ; 250/491.1; 356/398; 382/144';
$str = preg_replace('/(\d+(?:\.\d+)?)\/(\d+(?:\.\d+)?)/', '$2,$1', $str);
$str = str_replace(';', ',', $str);
Uses two capture groups, replacing them in reverse order. See it here.
