My HTML Tags won't be stripped from $this->username
I am trying to strip my tags because someone keeps hacking my website by using the old ">blah as their username. For some reason my strip_tags() is not stripping the tags, but the addslashes() is working.
I don't know if I left off a bracket - but here is the code:
public function register() {
$correct = false;
try {
$con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$this->username = strip_tags($this->username);
$this->username = addslashes($this->username);
$sql = "INSERT INTO User_Agents(username, password) VALUES(:username, :password)";
$stmt = $con->prepare( $sql );
$stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
$stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
$stmt->execute();
return "Registration Successful <br/> <a href='index.php'>Login Now</a>";
}catch( PDOException $e ) {
return $e->getMessage();
}
}
This is what it turns out to when it goes into my database:
Solution
Simply disallowing usernames that can lead to problems might be a more simple/efficient solution. For example a preg_match("/^[a-zA-Z0-9\._]+$/", $username) would allow you to reject usernames that contain other characters than letters, digits, dots, or underscores.
- DataTables warning: table id=DataTables_Table_0 - Ajax error - Laravel
- Merge Laravel Resources into one
- No php.ini with brew
- WordPress delete checkout button from cart widget
- Selecting Multiple values in CHtml::dropdownlist yii
- Rename file in PHPStorm without refactoring
- Convert timestamp like Facebook and Twitter
- Configure Apache2 to host REST API
- How to programmatically add an ACF group to the backend of Wordpress?
- What is the correct php type for fields with TCA type json?
- Remove duplicated from multidimensional array
- How to pass short codes to Gravity Forms email WordPress
- How can I solve "laravel/horizon v1.1.0 requires ext-pcntl * -> the requested PHP extension pcntl is missing from your system"?
- iPhone that talks to the server
- Codeigniter active record update query to conditionally increment a column value
- Combining `where` and `like` statements by using the CI activerecords
- Code Igniter - MySQL query using where and like
- How can get First character of string of any html tag and bind to other tag in php?
- How to add remote code to prevent code distribution
- Filling Data from MySQL not happening in Modal Form
- Adding Class to img Container based on Post Thumbnail Orientation
- Laravel get data based on date
- Add value from string to Google Ads as conversion value issue
- Yii 2 GridView Link Not Working
- Laravel Datepicker Failed to parse time string
- Redirect domain and subdomain in SF2
- Make text between asterisks bold
- Convert MIME type to file Extension PHP
- How to get WooCommerce product category url to display it in HTML meta tag?
- Wordpress 403/404 Errors: You don't have permission to access /wp-admin/themes.php on this server