Page 1 of 2
    #1
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    156
    Rep Power
    13

    Php <br> tags help


    Hi

    I have a page that has a feedback form and it automatically adds the feedback to the page but for some reason I am getting lots of <br> tags appearing before the feedback form

    The link is below

    http://www.irhwebsites.com/sites/goldenwhisk/testimonials.php

    Any ideas?

    Kind regards

    Ian
  2. #2
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2012
    Posts
    25
    Rep Power
    0
    Originally Posted by ianhaney
    Hi

    I have a page that has a feedback form and it automatically adds the feedback to the page but for some reason I am getting lots of <br> tags appearing before the feedback form

    The link is below

    http://www.irhwebsites.com/sites/goldenwhisk/testimonials.php

    Any ideas?

    Kind regards

    Ian
    Post your PHP/HTML code?
  4. #3
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    156
    Rep Power
    13
    Hi Saves

    Thank you for the reply
    Last edited by ianhaney; September 14th, 2013 at 10:28 AM.
  6. #4
  7. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Oh boy. Has it never occurred to you that letting any visitor write directly into your HTML document might be a bit ... problematic?

    Take those scripts offline before the script kiddies and criminals find it.

    Your website doesn't have any protection at all, and you've just told the general public. This means you have to act now. First of all, delete all scripts which process user input (like the testimonials). Only leave the static pages. Then you have two options:

    • Learn how to write secure code and fix the scripts yourself. This will take a lot of time and readiness to learn. To get a basic understanding of web security, check out The 6 worst sins of security.
    • Hire a professional programmer to fix the code for you. This will be costly. You also have to be careful, because a lot of the "web programmers" out there don't know what they're doing and will give you nothing but trouble. A good way of dealing with this is to first ask them for some comments on the code and concrete suggestions. And then you show those to us (with their permission, of course) so that we can give you a rough estimate of the programmer's abilities.

    By the way, those "<br>" come from empty submissions. Since you don't check the input (not even the CAPTCHA), I can click on the button without entering any text. But like I said, that's really your least problem right now.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  8. #5
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    156
    Rep Power
    13
    I have removed the script from this forum, so it is best and more secure not to have feedback automatically added to a webpage
  10. #6
  11. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    I was talking about your scripts on the server! That's what you need to delete! Hiding your scripts from this forum doesn't get you anywhere as long as they're still on your server.

    Remove the testimonials page and the contact form and any other page involving user input.
  12. #7
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    156
    Rep Power
    13
    Ahh ok, will do. So it's def not a good idea then to have a form that automatically adds testimonials to the page?
  14. #8
  15. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Taking user input itself is not bad. That's how this forum works. But if you take the raw input and just dump it on the page, you let anybody in this world manipulate your page. A script kiddie might use this to put up some "Hacked by xy" message. A criminal might misuse your page to spread malware and break into the computers of your users.

    Deferring the messages doesn't help you if your database code is vulnerable as well -- and that's what I expect. To me it looks like you have no security concept at all.
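    The two problems the thread names, the stray "<br>" from unchecked empty submissions (post #4) and raw visitor input dumped straight into the page and the database (posts #8 and #12), side by side with a hardened handler. This is an added example, not the original poster's script (which was never shown in the thread) and not code from Jacques or the articles he links; the table name, column names, form field names and the PDO connection details are assumptions.

```php
<?php
// Added example: a minimal testimonials handler. Table/column names, form field
// names and the PDO DSN are assumptions; replace the placeholders for your site.
declare(strict_types=1);

// --- Before: the pattern the thread warns against (shown as a comment only) ---
// Nothing is checked, so an empty submission appends a bare "<br>" to the page,
// and whatever HTML a visitor types is rendered as-is (cross-site scripting):
//   $text = $_POST['testimonial'];
//   file_put_contents('testimonials.html', $text . "<br>\n", FILE_APPEND);

// --- After: validate input, store via prepared statement, escape on output ---

/** Return a trimmed, length-bounded string, or null when the field is unusable. */
function validate_text(string $raw, int $maxLen): ?string
{
    $text = trim($raw);
    // Reject empty submissions: this is exactly what produced the stray <br> tags.
    if ($text === '') {
        return null;
    }
    // Bound the size so the page cannot be flooded with huge posts.
    if (mb_strlen($text, 'UTF-8') > $maxLen) {
        return null;
    }
    return $text;
}

/** Insert with bound parameters so the text is never spliced into the SQL string. */
function store_testimonial(PDO $db, string $author, string $body): void
{
    $stmt = $db->prepare(
        'INSERT INTO testimonials (author, body, created_at) VALUES (:author, :body, NOW())'
    );
    $stmt->execute([':author' => $author, ':body' => $body]);
}

/** Render stored rows; every value is escaped at the point it enters the HTML. */
function render_testimonials(PDO $db): string
{
    $html = '';
    $rows = $db->query('SELECT author, body FROM testimonials ORDER BY created_at DESC');
    foreach ($rows as $row) {
        $author = htmlspecialchars($row['author'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        // nl2br runs on the already-escaped text, so the only <br> on the page
        // are the ones we insert for the visitor's own line breaks.
        $body = nl2br(htmlspecialchars($row['body'], ENT_QUOTES | ENT_HTML5, 'UTF-8'));
        $html .= "<blockquote><p>{$body}</p><cite>{$author}</cite></blockquote>\n";
    }
    return $html;
}

// Connection details are placeholders (assumption), not the site's real values.
$db = new PDO(
    'mysql:host=localhost;dbname=DB_NAME;charset=utf8mb4',
    'DB_USER',
    'DB_PASSWORD',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);

// Assumed form field names: "name" and "testimonial".
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name = validate_text($_POST['name'] ?? '', 100);
    $text = validate_text($_POST['testimonial'] ?? '', 1000);
    if ($name === null || $text === null) {
        http_response_code(400);
        echo 'Please fill in both fields.';
        exit;
    }
    store_testimonial($db, $name, $text);
    // Redirect after POST so a browser refresh does not resubmit the form.
    header('Location: testimonials.php', true, 303);
    exit;
}

echo render_testimonials($db);
```

    The two checks that matter are in different places: the empty-input check belongs where the form is received, while the `htmlspecialchars` call belongs where the text is written into HTML, not where it is stored, so the same stored row stays safe no matter which page later renders it.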
  16. #9
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    156
    Rep Power
    13
    What is the secure and safest way to allow users to add testimonials to the webpage?
  18. #10
  19. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    You don't understand. I'll send you a private message.
  20. #11
    Contributing User
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Dec 2004
    Posts
    2,989
    Rep Power
    375
    there are quite a few STICKIES talking about security, why not read one?
  22. #12
  23. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    The scripts are still online, and they're still vulnerable to cross-site scripting and SQL injections.

    How can you run a business like that? Well, not our problem.
  24. #13
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    156
    Rep Power
    13
    Excuse me, rather than criticise, how about a little bit of direction on how to secure it? Aren't forums about helping rather than criticising?
  26. #14
  27. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    What are you talking about? I told you exactly what you need to do and pointed you to an article which explains all security basics you'll need to know. paulh1983 also pointed you to the various security articles in this forum.

    We're not gonna spoonfeed you, if that's what you're waiting for. If you were a 12-year-old kid who just started with their very first home page, then maybe I would actually take your hand and walk you through the code line by line. But you're a grown-up man who makes a living from writing code. I expect you to be able to learn from articles and think for yourself.

    If you can't do it, then hire somebody who can.

    Comments on this post

    • paulh1983 agrees : I agree! Furthermore, Jacques helps us more than his fair share; just because it is a forum doesn't mean we are obliged to help you! We have lives, work etc. BTW I am unable to give you any rep points, tried before too.. weird
  28. #15
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2012
    Posts
    156
    Rep Power
    13
    I do apologise, I have backtracked and seen the link you included, so sorry for missing that link, am looking now and going through it

    Oh no, def do not want to be spoonfed, I want to learn it and won't learn anything if I am walked through the coding