Maybe I'm just missing it, but does the form do any sanitizing of the users' input to prevent SQL injection and the like?
The fact that the original question posted almost one year ago hasn't been responded to yet is laughable… this thing is 100% vulnerable to SQL injection, tested and returned positively positive; the way the processing code is formed makes it impossible to introduce a sanitizing function into the PHP, in fact anything at all. Maybe good to be used with a file-based database or just email; I wouldn't risk having it in SQL mode.
If you know enough to ask the question you should know enough to open the code and see for yourself. This is open source code for you to freely do what you want with it. If you don't like it, don't use it.
It's not rocket science. It is simple scripting code anyone can read and understand with a little effort.
AND IT'S FREE!
No offense, but I'm not asking any questions, just a matter of personal opinion. Whether I like it or not… I don't think that is the point of discussion here; further, I realized it is free and I can see the coding is simple too… since you're bringing that up, and the fact being… it reaffirms my previous statement.
For what it's worth, and if it is of help to anyone interested… after testing with various formats and parameters without success I'm trying now strip_tags() … I noticed this works successfully for the first textarea input in the form, not for multiple ones, nor for input fields or array() … here is the site that explains how to use it: http://www.chucklinart.com/protect-forms-against-xss-php-security
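As an added example (not code from the form generator or from either poster), this PHP snippet shows the two points the thread circles around: strip_tags() has to be applied recursively to cover multiple fields and array() inputs, and it only strips HTML, so the SQL side still needs a prepared statement. The table and column names, and the sample POST data, are assumptions.

```php
<?php
// Added example, not the project's code. Applies strip_tags() to every
// submitted field, including nested array() fields (checkbox groups,
// multiple textareas). A single strip_tags($_POST['field']) call only
// covers one scalar field and rejects arrays outright.
function sanitize_fields($value)
{
    if (is_array($value)) {
        return array_map('sanitize_fields', $value);
    }
    return strip_tags(trim((string) $value));
}

// strip_tags() removes HTML tags only. Quotes and SQL comment sequences
// pass through it unchanged, so it is not a SQL injection defense. The
// database layer must bind values instead of interpolating them.
function store_submission(PDO $pdo, array $fields)
{
    // Assumed schema; the thread does not show the generator's real tables.
    $stmt = $pdo->prepare(
        'INSERT INTO form_submissions (name, email, message) VALUES (:name, :email, :message)'
    );
    $message = $fields['message'] ?? '';
    // Array fields are joined only after each element was sanitized above.
    if (is_array($message)) {
        $message = implode(', ', $message);
    }
    $stmt->execute([
        ':name'    => $fields['name'] ?? '',
        ':email'   => $fields['email'] ?? '',
        ':message' => $message,
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input standing in for $_POST: one scalar field with
// an apostrophe and a tag, and one array field with two tagged entries.
$posted = [
    'name'    => "O'Connor <script>alert(1)</script>",
    'email'   => 'oconnor@example.com',
    'message' => ['<b>first</b>', 'second <img src=x onerror=alert(1)>'],
];
$clean = sanitize_fields($posted);

// In-memory SQLite so the example runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE form_submissions (id INTEGER PRIMARY KEY, name TEXT, email TEXT, message TEXT)');
$id = store_submission($pdo, $clean);
```

The apostrophe in the name survives strip_tags() and is stored safely only because it reaches the database as a bound parameter.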