Stripslashes v. strip_tags

To prevent code being injected with data in POST or GET, it appears that
either stripslashes() or strip_tags() can be used to 'clean' the data.

What are the relative advantages of each of these two functions?

Is there a case for preferring one to the other, or should both be used
to cover all possibilities?

~ Adrian Tuddenham ~
(Remove the ".invalid"s and add "" to reply)

Re: Stripslashes v. strip_tags

On 1/30/2015 5:48 AM, Adrian Tuddenham wrote:

Neither is going to prevent code injection.

stripslashes() is outdated - it was used with magic_quotes_gpc, which
never was a good idea and is gone.  strip_tags() is meant to remove HTML
tags, i.e. when parsing HTML code in a page.

What you need to do is validate every parameter you expect from the
page, ensuring it is of the correct type and has a valid value.  There
is no shortcut.

Remove the "x" from my email address
Jerry Stuckle
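
The per-parameter validation described in the reply above, as an added example that is not part of the original thread. The parameter names (id, sort, email), their allowed ranges and the sample request are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample request data (stands in for $_GET / $_POST).
$request = [
    'id'    => '42 OR 1=1',         // expected: a positive integer
    'sort'  => 'name',              // expected: one of a fixed set
    'email' => 'user@example.com',  // expected: a syntactically valid address
];

// The bad 'id' contains no tags and no backslashes, so both functions
// return it unchanged and it would reach the rest of the code as-is.
$untouched = strip_tags($request['id']) === $request['id']
    && stripslashes($request['id']) === $request['id'];

// Validate each expected parameter by type and allowed value.
// Returns [clean values, error messages]; unexpected keys are ignored.
function validate_request(array $in): array
{
    $clean = $errors = [];

    $id = filter_var($in['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000000]]);
    if ($id === false) {
        $errors['id'] = 'id must be an integer from 1 to 1000000';
    } else {
        $clean['id'] = $id;
    }

    $sort = $in['sort'] ?? '';
    if (in_array($sort, ['name', 'date', 'size'], true)) {
        $clean['sort'] = $sort;
    } else {
        $errors['sort'] = 'sort must be name, date or size';
    }

    $email = filter_var($in['email'] ?? null, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'email is not a valid address';
    } else {
        $clean['email'] = $email;
    }

    return [$clean, $errors];
}

[$clean, $errors] = validate_request($request);
var_dump($untouched, $clean, $errors);
```

Only the values in $clean should be used by the rest of the script; a non-empty $errors means the request is rejected rather than repaired.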

Re: Stripslashes v. strip_tags


I put:

  php_flag magic_quotes_gpc off

in my Apache config files and could then remove every stripslashes()
from a large number of PHP modules.

"Freedom is sloppy. But since tyranny's the only guaranteed byproduct of
those who insist on a perfect world, freedom will have to do." -- Bigby Wolf
