Commit 61d895ab authored by Sorrel Harriet's avatar Sorrel Harriet

minor amends lab 7 code

parent 40039976
<?php
/* Helper functions.
Include once from index.php */
/* define a function to sanitise user input
(this would ideally be in includes folder)
helps protect against XSS */
function clean_input($data) {
$data = trim($data); // strips unnecessary characters from beginning/end
$data = stripslashes($data); // remove backslashes
$data = htmlspecialchars($data); // replace special characters with HTML entities
return $data;
}
?>
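Review bot: clean_input() escapes values as they arrive instead of at the point of output, and its comment presents it as a general sanitiser, which it is not. The `htmlspecialchars($data)` call passes no flags or charset; before PHP 8.1 the default leaves single quotes unescaped, so `htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` would make the behaviour explicit and version-independent. stripslashes() also silently changes legitimate backslashes in user data, and nothing in this helper protects a database query, so the doc comment should say that SQL still needs prepared statements. The header says "Include once from index.php" but nothing enforces that; a second include would be a fatal function redeclaration, which `require_once` in the caller avoids.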
......@@ -9,6 +9,9 @@ include "templates/nav.html";
// open a new MySQL database connection
require "includes/db_connect.php";
// require the helper functions script
require "includes/functions.php";
// check if 'page' parameter is set in query string
if (isset($_GET['page'])) {
$page = $_GET['page']; // if so, set page variable to value of 'page' parameter
......@@ -31,7 +34,7 @@ case 'album' :
include 'views/album.php';
break;
case 'add-track' :
include 'views/add-track.php';
include 'views/add-track-insecure.php';
break;
default :
include 'views/404.php';
......
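Review bot: The 'add-track' case appears to end up including `views/add-track-insecure.php`, which, judging by its name, would put the insecure form handler on the normal route. The page prints both include lines without +/- markers, so which side is new is inferred from their order. If this is intended for the lab, a comment on the case such as `// lab 7 only: insecure variant, do not deploy` would make that explicit; otherwise the routed view should stay `views/add-track.php`. In the first hunk, `require "includes/functions.php";` would be safer as `require_once "includes/functions.php";`, since that file declares a function. The switch statement starts and ends outside the hunk.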
......@@ -52,14 +52,6 @@ $content .= $form_html;
// ------- START form processing code... -------
// define a function to sanitise user input (this would ideally be in includes folder)
// helps protect against XSS
function clean_input($data) {
$data = trim($data); // strips unnecessary characters from beginning/end
$data = stripslashes($data); // remove backslashes
$data = htmlspecialchars($data); // replace special characters with HTML entities
return $data;
}
// define variables and set to empty values
$title = $artist_id = $price = $year = $genre = "";
......