Wednesday, 1 April 2015

My HTML Tags won't be stripped from $this->username

Alright, so I am trying to strip my tags because someone keeps hacking my website by using the old ">blah as their username. For some reason my strip_tags(); is not stripping the tags, but the addslashes(); is working... Please help ASAP; I am tired of the hacking.


I don't know if I left off a bracket - but here is the code:



public function register() {
    $correct = false;
    try {
        $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
        $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
        $this->username = strip_tags($this->username);
        $this->username = addslashes($this->username);
        $sql = "INSERT INTO User_Agents(username, password) VALUES(:username, :password)";

        $stmt = $con->prepare( $sql );
        $stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
        $stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
        $stmt->execute();
        return "Registration Successful <br/> <a href='index.php'>Login Now</a>";
    } catch( PDOException $e ) {
        return $e->getMessage();
    }
}


This is what it turns into when it goes into my database: Picture of what it entered


I'd appreciate it sooo much if anyone could help!
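
An added example, not part of the original post and not the poster's code: it runs the username quoted above through strip_tags() and addslashes(), then shows allowlist validation at registration and HTML encoding at output time. The helper names isValidUsername() and e(), the username policy and the sample values are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: allowlist check at registration. The 3-32 character
// [A-Za-z0-9_.-] policy is an assumption; reject bad names, do not rewrite them.
function isValidUsername(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $name) === 1;
}

// Hypothetical helper: encode for HTML at output time. ENT_QUOTES encodes both
// quote characters, so the value cannot close the attribute it is written into.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample usernames; the first is the one quoted in the post.
$samples = ['">blah', '"><b>blah</b>', 'alice_01'];

foreach ($samples as $raw) {
    // strip_tags() removes only <...> sequences; a bare "> is left untouched.
    $stripped = strip_tags($raw);
    // addslashes() is not needed with bound parameters: the backslash it adds
    // would be stored literally in the username column.
    $slashed = addslashes($stripped);

    printf("raw:            %s\n", $raw);
    printf("strip_tags:     %s\n", $stripped);
    printf("+ addslashes:   %s\n", $slashed);
    printf("valid username: %s\n", isValidUsername($raw) ? 'yes' : 'no');
    // Unescaped, the quote ends the value attribute early; escaped, it cannot.
    printf("unescaped HTML: <input name=\"u\" value=\"%s\">\n", $stripped);
    printf("escaped HTML:   <input name=\"u\" value=\"%s\">\n\n", e($raw));
}
```

The bound parameters in the INSERT already keep the value out of the SQL text, so the HTML-side fix belongs wherever the username is echoed back into a page.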

