did the trick! Now, if I put html code into the input field it doesnt mess up anything. Thanx for steering me to the answer. (and fast too) Heartily appreciated. Hugs Are there still any blatant security risks? My script now:my $whatever = encode_entities($whatever, '<>&"');
#!C:\Perl64\site\bin\perl.exe use warnings; use HTML::Entities; use CGI; my $cgi = CGI->new(); # create new CGI object { ($name, $value) = split(/=/, $pair); $value =~ tr/+/ /; $value =~ s/%(..)/pack("C", hex($1))/eg; $FORM{$name} = $value; } my $nick = $cgi->param('nick'); my $pic = $cgi->param('pic'); my $say = $cgi->param('say'); my $likes = $cgi->param('likes'); my $fav = $cgi->param('fav'); my $car = $cgi->param('car'); my $age = $cgi->param('age'); my $town = $cgi->param('town'); my $drink = $cgi->param('drink'); my $wpage = $cgi->param('wpage'); my $nick = encode_entities($nick, '<>&"'); my $pic = encode_entities($pic, '<>&"'); my $say = encode_entities($say, '<>&"'); my $likes = encode_entities($likes, '<>&"'); my $fav = encode_entities($fav, '<>&"'); my $age = encode_entities($age, '<>&"'); my $town = encode_entities($town, '<>&"'); my $drink = encode_entities($say, '<>&"'); my $say = encode_entities($drink, '<>&"'); my $wpage = encode_entities($wpage, '<>&"'); open(my $fh, '>>', 'drivers.html'); print "Content-type:text/html\r\n\r\n"; print $fh "<b>$nick</b><br><img src='$pic' width='250' height='auto' b +order='2'><br><br>Says <b>$say</b><br>Likes <b>$likes</b><br>Favorite + vehicle <b>$fav</b><br> Real life car/vehicle <b>$car</b><br>Age <b> +$age</b><br>Hometown <b>$town</b><br>Favorite drink <b>$drink</b><br> +<b><a href='$wpage'>$wpage</a></b><HR color=#008000 SIZE=2>\n"; print "<html><head><meta http-equiv = 'refresh' content = '0; url = dr +ivers.html' /></head>"; close $fh;
In reply to Re: Any security holes?
by Limbomusic
in thread Any security holes?
by Limbomusic
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |