Commit 61d895ab authored by Sorrel Harriet's avatar Sorrel Harriet

minor amends lab 7 code

parent 40039976
<?php
/* Helper functions.
Include once from index.php */
/* define a function to sanitise user input
(this would ideally be in includes folder)
helps protect against XSS */
function clean_input($data) {
$data = trim($data); // strips unnecessary characters from beginning/end
$data = stripslashes($data); // remove backslashes
$data = htmlspecialchars($data); // replace special characters with HTML entities
return $data;
}
?>
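Review bot: `htmlspecialchars($data)` in `clean_input` is called with no flags, so on PHP before 8.1 a single quote is left unencoded and a value echoed inside a single-quoted attribute can still break out of it; use `$data = htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The `stripslashes` call is a magic_quotes-era habit that silently corrupts legitimate input containing a backslash, and is worth dropping or at least documenting as deliberate. The header comment should also state the limit of this helper: it entity-encodes for HTML output only and gives no protection against SQL injection, so anything that reaches the MySQL connection opened in index.php still needs a prepared statement with bound parameters. Since this file is PHP-only, omit the closing `?>` so trailing whitespace cannot be emitted before headers are sent.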
...@@ -9,6 +9,9 @@ include "templates/nav.html"; ...@@ -9,6 +9,9 @@ include "templates/nav.html";
// open a new MySQL database connection // open a new MySQL database connection
require "includes/db_connect.php"; require "includes/db_connect.php";
// require the helper functions script
require "includes/functions.php";
// check if 'page' parameter is set in query string // check if 'page' parameter is set in query string
if (isset($_GET['page'])) { if (isset($_GET['page'])) {
$page = $_GET['page']; // if so, set page variable to value of 'page' parameter $page = $_GET['page']; // if so, set page variable to value of 'page' parameter
...@@ -31,7 +34,7 @@ case 'album' : ...@@ -31,7 +34,7 @@ case 'album' :
include 'views/album.php'; include 'views/album.php';
break; break;
case 'add-track' : case 'add-track' :
include 'views/add-track.php'; include 'views/add-track-insecure.php';
break; break;
default : default :
include 'views/404.php'; include 'views/404.php';
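Review bot: The `add-track` case now includes `views/add-track-insecure.php` and nothing in the hunk records why, so the deliberately weak variant is what every visitor reaches through `?page=add-track` with no marker to swap it back. If this is intentional for the lab, say so where the route is wired: `include 'views/add-track-insecure.php'; // lab 7: intentionally vulnerable variant; restore add-track.php when the exercise is done`. The switch itself is sound as written — `$_GET['page']` only selects among fixed literal include paths and never forms part of a path — which is worth a one-line comment so a later edit does not turn it into `include "views/$page.php"`. The enclosing switch begins before this hunk.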
......
...@@ -52,14 +52,6 @@ $content .= $form_html; ...@@ -52,14 +52,6 @@ $content .= $form_html;
// ------- START form processing code... ------- // ------- START form processing code... -------
// define a function to sanitise user input (this would ideally be in includes folder)
// helps protect against XSS
function clean_input($data) {
$data = trim($data); // strips unnecessary characters from beginning/end
$data = stripslashes($data); // remove backslashes
$data = htmlspecialchars($data); // replace special characters with HTML entities
return $data;
}
// define variables and set to empty values // define variables and set to empty values
$title = $artist_id = $price = $year = $genre = ""; $title = $artist_id = $price = $year = $genre = "";
......