PHP - security issues, and what I should do

Soldato
Joined
4 Jul 2004
Posts
2,647
Location
aberdeen
Hello
I have set up [removed]

Firstly, am I using the right terms (checksum/hash etc) on the page?

I only have strip_tags() on the "blob" one. I haven't put it into the others. Which means if something like "> test is written it ****s it up. I know I could sort it out by a simple strip_tags(), but then the user will think that the md5 version of it was done without any tags (if that makes sense). Any ideas what to do?

Also are there any security issues server side, as basically all it does is:

$md = $_POST['md'];
$md = md5($md);
echo $md;

I know there are the client side issues as mentioned above.

Thanks
 
Soldato
OP
Joined
4 Jul 2004
Posts
2,647
Location
aberdeen
There are only three ad units, and one link unit.

Craig321 said:
Kinda offtopic, it's only 3 Google ads per page else you'll get banned.

Craig.

Dj_Jestar said:
That's hardly AJAX :\

and I'm not sure, but there may be some issues with using someone else's code (even though you have left the credits in) and putting a copyright on the page..
Technically it is. And it was from a tutorial explaining how to use it.


Moredhel said:
Just thought I'd point out, the version with stars, once you submit it it still keeps the entry in the box, it does it by echoing out the password in plain text in the source code. The idea of the * version should surely be that at no point in the proceedings is the password handled in plain text other than in the server side PHP code? I would recommend not showing the *s in the box afterward, I mean, they're only stars anyway, and lots of people don't even like it to show that much, or to show x amount of stars per character to hide the length of the password.
Good point. Thanks.



Beansprout said:
Code:
		xxx
				
		
		
		</td>
		<td width="200">
		
	xxx
		
		</td>
      </tr>
"No Mr. Google my site isn't an 'Adsense site' which is explicitly disallowed, it really does do something, and whoops I'm sorry I really didn't mean to stuff my site with four ad blocks making it really hard to actually use the site at all, really, honest, please don't ban me"

Also, why are you using PHP and AJAX? Javascript can do MD5 ;)

It isn't an adsense site. The site does comply with Google's adsense rules. The site wasn't even designed around the adsense blocks anyway.

I know JS can do MD5. But I wanted to do it the way I did it :) Part of a learning process for me.

Please let this be the end of this thread. I was asking for some PHP security replies. Not a site criticism. Otherwise I would have asked for it.

Mods please lock. Thanks.
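
An added example, not code from the thread: one way to handle the two points raised above (input such as `"> test` breaking the page, and the password being echoed back into the page source) by hashing the raw input and escaping only on output. The single-script layout, the `secret` field name and the helpers `h` and `post_string` are assumptions made for illustration.

```php
<?php
// Added example; 'md' is the field from the original post, 'secret' is a
// hypothetical name for the password-style box.
declare(strict_types=1);

/** Escape a value for an HTML text node or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Read a POST field as a string; missing fields and arrays (md[]=x) become ''. */
function post_string(string $name): string
{
    $v = $_POST[$name] ?? '';
    // Without this check, md5() receives an array when the client sends md[]=x
    // (a warning on older PHP, a TypeError on PHP 8).
    return is_string($v) ? $v : '';
}

$text   = post_string('md');
$secret = post_string('secret');

// Hash the bytes exactly as submitted: no strip_tags(), so the digest
// matches what the user typed, including input such as "> test.
$textHash   = $text   !== '' ? md5($text)   : '';
$secretHash = $secret !== '' ? md5($secret) : '';
?>
<form method="post">
  <!-- Escaped on output, so "> test cannot close the value attribute. -->
  <input type="text" name="md" value="<?= h($text) ?>">
  <!-- No value attribute: the password is never written back into the page. -->
  <input type="password" name="secret">
  <button type="submit">Hash</button>
</form>
<?php if ($textHash !== ''): ?>
  <p>MD5 of text: <code><?= h($textHash) ?></code></p>
<?php endif; ?>
<?php if ($secretHash !== ''): ?>
  <p>MD5 of password field: <code><?= h($secretHash) ?></code></p>
<?php endif; ?>
```

The md5() output itself is 32 hex characters, so the risk on the page comes from echoing the submitted text back, not from echoing the digest.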
 
Soldato
OP
Joined
4 Jul 2004
Posts
2,647
Location
aberdeen
Beansprout said:
D'oh, forgot about the blasted Ad Link whatever Units. They're useless anyway

It is AJAX and it's a good learning experience, you're right

Here is a fantastic series of excellent AJAX tutorials. IBM really has a little-known treasure trove of information

As for the 'Adsense site' thing - I'd check with Google just in case someone reports it and Google decide it's bad. I'd guess you're safe (heck, worldwinddata.com is fine so really they can't be too strict :p) but it's always wise to check :)

:)
Thanks. I had a lot of trouble finding AJAX tutorials that started right from the start, for the complete ajax newbie :).

And btw, Google refuse to check my pages any more, think it's because every time I modify them, I used to get them to check them. Now they just say if we find one that doesn't comply with the rules, we'll email you :). (lol)
 