September 14th, 2013, 07:52 AM
PHP <br> tags help
I have a page that has a feedback form and it automatically adds the feedback to the page, but for some reason I am getting lots of <br> tags appearing before the feedback form.
The link is below
September 14th, 2013, 08:23 AM
Post your PHP/HTML code?
September 14th, 2013, 08:26 AM
Thank you for the reply
Last edited by ianhaney; September 14th, 2013 at 11:28 AM.
September 14th, 2013, 11:12 AM
Oh boy. Has it never occurred to you that letting any visitor write directly into your HTML document might be a bit ... problematic?
Take those scripts offline before the script kiddies and criminals find it.
Your website doesn't have any protection at all, and you've just told the general public. This means you have to act now. First of all, delete all scripts which process user input (like the testimonials). Only leave the static pages. Then you have two options:
- Learn how to write secure code and fix the scripts yourself. This will take a lot of time and readiness to learn. To get a basic understanding of web security, check out The 6 worst sins of security.
- Hire a professional programmer to fix the code for you. This will be costly. You also have to be careful, because a lot of the "web programmers" out there don't know what they're doing and will give you nothing but trouble. A good way of dealing with this is to first ask them for some comments on the code and concrete suggestions. And then you show those to us (with their permission, of course) so that we can give you a rough estimate of the programmer's abilities.
By the way, those "<br>" come from empty submissions. Since you don't check the input (not even the CAPTCHA), I can click on the button without entering any text. But like I said, that's really your least problem right now.
September 14th, 2013, 11:29 AM
I have removed the script from this forum, so it is best and more secure not to have feedback automatically added to a webpage.
September 14th, 2013, 11:49 AM
I was talking about your scripts on the server! That's what you need to delete! Hiding your scripts from this forum doesn't get you anywhere as long as they're still on your server.
Remove the testimonials page and the contact form and any other page involving user input.
September 14th, 2013, 12:10 PM
Ahh ok, will do. So it is def not a good idea then to have a form that automatically adds testimonials to the page?
September 14th, 2013, 01:11 PM
Taking user input itself is not bad. That's how this forum works. But if you take the raw input and just dump it on the page, you let anybody in this world manipulate your page. A script kiddie might use this to put up some "Hacked by xy" message. A criminal might misuse your page to spread malware and break into the computers of your users.
Deferring the messages doesn't help you if your database code is vulnerable as well -- and that's what I expect. To me it looks like you have no security concept at all.
September 14th, 2013, 01:25 PM
What is the secure and safest way to allow users to add testimonials to the webpage?
September 14th, 2013, 01:47 PM
You don't understand. I'll send you a private message.
September 15th, 2013, 09:54 AM
There are quite a few STICKIES talking about security, why not read one?
September 15th, 2013, 11:57 AM
The scripts are still online, and they're still vulnerable to cross-site scripting and SQL injections.
How can you run a business like that? Well, not our problem.
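The points raised in this thread (empty submissions leaving stray <br> tags, raw input dumped onto the page, and the cross-site scripting and SQL injection exposure), shown as an added example that is not part of any post and is not the site's code. The table, field names and length limits are assumptions, and the CAPTCHA check is left out.

```php
<?php
declare(strict_types=1);
// Added example. Schema, field names and limits are assumptions, not the site's own.
$pdo = new PDO('sqlite::memory:'); // in-memory DB keeps the example self-contained
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE testimonials (id INTEGER PRIMARY KEY, name TEXT NOT NULL, body TEXT NOT NULL)');

/** Validate and store one submission; returns an error message, or null on success. */
function saveTestimonial(PDO $pdo, array $post): ?string
{
    $name = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    $body = is_string($post['body'] ?? null) ? trim($post['body']) : '';
    // Reject empty submissions, which otherwise render as empty entries on the page.
    if ($name === '' || $body === '') {
        return 'Name and testimonial are required.';
    }
    if (strlen($name) > 80 || strlen($body) > 2000) {
        return 'Input is too long.';
    }
    // Prepared statement: values are bound as parameters, never concatenated into SQL.
    $stmt = $pdo->prepare('INSERT INTO testimonials (name, body) VALUES (:name, :body)');
    $stmt->execute([':name' => $name, ':body' => $body]);
    return null;
}

/** Escape a string for an HTML text or quoted-attribute context. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render stored testimonials; raw text is stored, escaping happens at output. */
function renderTestimonials(PDO $pdo): string
{
    $html = '';
    foreach ($pdo->query('SELECT name, body FROM testimonials ORDER BY id') as $row) {
        // nl2br runs after escaping, so the only tags emitted are the ones added here.
        $html .= '<blockquote>' . nl2br(e($row['body'])) . ' <cite>' . e($row['name']) . "</cite></blockquote>\n";
    }
    return $html;
}

// Constructed submissions: one empty, one with markup and SQL metacharacters.
var_dump(saveTestimonial($pdo, ['name' => '', 'body' => '']));
var_dump(saveTestimonial($pdo, ['name' => "O'Brien", 'body' => "Great!\n<b>bold</b> '); --"]));
echo renderTestimonials($pdo);
```

The empty submission is refused before it reaches the database, and the second one is stored verbatim but rendered with its markup shown as literal text.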
September 15th, 2013, 12:12 PM
Excuse rather than criticise, how about a little bit of direction on how to secure it? Aren't forums about helping rather than criticising?
September 15th, 2013, 01:22 PM
What are you talking about? I told you exactly what you need to do and pointed you to an article which explains all security basics you'll need to know. paulh1983 also pointed you to the various security articles in this forum.
We're not gonna spoonfeed you, if that's what you're waiting for. If you were a 12-year-old kid who just started with their very first home page, then maybe I would actually take your hand and walk you through the code line by line. But you're a grown-up man who makes a living from writing code. I expect you to be able to learn from articles and think for yourself.
If you can't do it, then hire somebody who can.
September 15th, 2013, 01:36 PM
I do apologise, I have backtracked and see the link you included, so sorry for missing that link, am looking now and going through it
Oh no def not want to be spoonfed, I want to learn it and won't learn anything if am walked through the coding