Thread: Can anyone help with this XSS coding?

  1. #1
    Member John Mc Grath's Avatar
    Join Date
    Sep 2011
    Location
    Ireland
    Posts
    80
    Member #
    29172
    Liked
    3 times

    Can anyone help with this XSS coding?

    Hi, I was wondering if anyone could help me with some security code. What I am trying to do is allow the user to post a comment. My code works, but unfortunately my database keeps filling up with spam. I added the code below and renamed the PHP page, but I still get spam.

    I was wondering if anyone could have a look at the code and see if anything is wrong, or if you have any suggestions to improve it or know of some good examples. Thanks for your time.

    PHP Code:
    // Read the name, reject it if empty, then strip HTML tags
    $name = trim($_POST["name"]);
    if (empty($name)) {
        exit("must provide a name");
    }
    $name = strip_tags($name);

    // Same handling for the comment
    $comment = trim($_POST["comment"]);
    if (empty($comment)) {
        exit("must provide a comment");
    }
    $comment = strip_tags($comment);

    // $name and $comment are placed directly into the SQL string
    $sql = "INSERT INTO reviews (name, comment) VALUES ('$name', '$comment')";
    if (!mysqli_query($con, $sql)) {
        die('Error: ' . mysqli_error($con));
    }
    echo "Comment added";
    mysqli_close($con);
    Last edited by John Mc Grath; Sep 04th, 2014 at 02:13 PM.
    I'm pretty new to web design but I am learning fast. I will help if I can.
    Check out my sites http://www.mediareviewzone.com http://www.iamrobsmith.com

  3. #2
    Member
    Join Date
    Nov 2012
    Location
    Tampa. FL
    Posts
    59
    Member #
    33844
    Liked
    21 times
    Are you allowing any visitor to post a review?
    The internet is full of spam bots; you should look into using a CAPTCHA or requiring visitors to set up an account.
    Freelance Web Developer

  4. #3
    Member John Mc Grath's Avatar
    Join Date
    Sep 2011
    Location
    Ireland
    Posts
    80
    Member #
    29172
    Liked
    3 times
    Thanks for the response. User accounts are on my to-do list, but at the moment anyone can post. I actually have code that works now, similar to what I have above but a lot more. I also check the input data to make sure it is in the desired format, e.g. name or number. I only got this working today and so far no spam.

    If I start getting spam again then I will have to add a CAPTCHA and probably a hidden text box for verification.
    I'm pretty new to web design but I am learning fast. I will help if I can.
    Check out my sites http://www.mediareviewzone.com http://www.iamrobsmith.com

  5. #4
    Senior Member Ronald Roe's Avatar
    Join Date
    Mar 2011
    Location
    Oklahoma City
    Posts
    3,141
    Member #
    27197
    Liked
    959 times
    So as to not seem spammy, I won't post a link, but if you go to my website (in my signature), to the blog page, I have an article on how to implement a honeypot CAPTCHA. The article is for WordPress, but you can add the same thing to any PHP-based form.
    Ron Roe
    Web Developer
    "If every app were designed using the same design template, oh wait...Bootstrap."
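
Added example, not code from any poster in this thread: one way to combine the measures the thread discusses (format checks on the input and a hidden honeypot text box) with a parameterised insert, since strip_tags() removes HTML tags but does not escape quotes for SQL. The `website` honeypot field name, the format limits and the sample submissions are assumptions constructed for illustration; save_comment() expects an open mysqli connection such as the thread's $con.

```php
<?php
// Hypothetical honeypot field: present in the form but hidden with CSS,
// so a human leaves it empty and a form-filling bot usually does not.
const HONEYPOT_FIELD = 'website';

/** Returns [name, comment] for an acceptable submission, or null to reject it. */
function validate_comment(array $post): ?array
{
    if (($post[HONEYPOT_FIELD] ?? '') !== '') {
        return null; // hidden field was filled in
    }
    $name    = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    $comment = is_string($post['comment'] ?? null) ? trim($post['comment']) : '';
    // Assumed format rules: 1-50 letters, spaces, ' or - for the name;
    // a non-empty comment of at most 2000 bytes.
    if (!preg_match('/\A[\p{L} \'\-]{1,50}\z/u', $name)) {
        return null;
    }
    if ($comment === '' || strlen($comment) > 2000) {
        return null;
    }
    return [$name, $comment];
}

/** Stores the comment with placeholders, so user text never becomes part of the SQL. */
function save_comment(mysqli $con, string $name, string $comment): void
{
    $stmt = $con->prepare('INSERT INTO reviews (name, comment) VALUES (?, ?)');
    $stmt->bind_param('ss', $name, $comment);
    $stmt->execute();
    $stmt->close();
}

/** Escapes at output time, so stored markup is displayed as text, not interpreted. */
function render_comment(string $name, string $comment): string
{
    return '<p><b>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</b>: '
         . htmlspecialchars($comment, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed sample submissions (no database is needed to run this part).
$samples = [
    ['name' => "Anne O'Brien", 'comment' => 'Loved <b>it</b>', 'website' => ''],
    ['name' => 'Bot', 'comment' => 'cheap pills', 'website' => 'http://spam.example'],
];
foreach ($samples as $post) {
    $ok = validate_comment($post);
    echo $ok === null ? "rejected\n" : render_comment($ok[0], $ok[1]) . "\n";
}
```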

