Function not found (it's a bit weird)

So before I start, quickly:
this is not meant to actually stop XSS scripts.
I am designing a project which shows common errors in preventing XSS.
[PHP]

<?php
$message = 'iframe javascript normaltext';
$message = xsseliminator($message);
echo $message;

function xsseliminator($message)
{
    $xssWords = array('iframe', 'javascript');
    $replaceWith = array(' the iframe tag is forbidden', ' the javascript tag is forbidden');
    $message = str_ireplace($xssWords, $replaceWith, $message);
    return $message;
}
?>

[/PHP]
This works fine on its own page; however, when I place it inside this
[php]

<?php
//when submit button is pressed
if(isset($_POST['btnSign']))
{
    //assign these values
    //$message is taken from the message box on the page (mtxMessage)
    $message = trim($_POST['mtxMessage']);
    $message = xsseliminator($message);
    //$name is taken from the session value for username
    $name = ($_SESSION['username']);
    //email is taken from the value of the earlier php query for the email
    $email = ($emailr);

    function xsseliminator($message)
    {
        $xssWords = array('iframe', 'javascript');
        $replaceWith = array(' the iframe tag is forbidden', ' the javascript tag is forbidden');
        $message = str_ireplace($xssWords, $replaceWith, $message);
        return $message;
    }

    //Construct sql query to send to the database
    $query = "INSERT INTO $tbl_name (comment,username,email) VALUES ('$message','$name','$email');";
    //run the query on the database or return error message
    $result = mysql_query($query) or die('
' . mysql_error() . '
');
    //reload page
    header("Location:login_msgboard.php");
}
?>

[/php]

I get the error
[Thu Jan 10 17:07:09 2013] [error] [client 127.0.0.1] PHP Fatal error: Call to undefined function xsseliminator() in /var/www/CorviTestingVuln/CorviTestingMed/login_msgboard.php on line 38, referer: http://127.0.0.1/CorviTestingVuln/CorviTestingMed/login_msgboard.php

ahh ok sorry guys just realised why it wasn’t working

can’t write functions inside if statements :smiley:

problem resolved
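
An added example, not part of the original thread: it shows when PHP registers a function declared at file top level versus one declared inside an `if` block, which is the difference between the two listings above, and then contrasts the word blacklist with output encoding on harmless markup. The names `xsseliminator_top` and `xsseliminator_cond`, the `$submitted` flag and the sample strings are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Names ending in _top/_cond and the
// sample strings are constructed for illustration.

// Declared at file top level: PHP registers it at compile time, so a call
// placed before the declaration in the file still resolves.
$early = xsseliminator_top('iframe javascript normaltext');

function xsseliminator_top($message)
{
    $xssWords    = array('iframe', 'javascript');
    $replaceWith = array(' the iframe tag is forbidden', ' the javascript tag is forbidden');
    return str_ireplace($xssWords, $replaceWith, $message);
}

$submitted = true; // stands in for isset($_POST['btnSign'])
$before = $after = null;
if ($submitted) {
    // Declared inside a block: registered only when execution reaches the
    // declaration, so a call placed at this point fails as "undefined function".
    $before = function_exists('xsseliminator_cond');
    function xsseliminator_cond($message)
    {
        return xsseliminator_top($message);
    }
    $after = function_exists('xsseliminator_cond');
}

// Word blacklist versus output encoding on harmless markup (constructed input).
$sample      = '<b>hello</b> iframe';
$blacklisted = xsseliminator_top($sample);                     // tags pass through untouched
$encoded     = htmlspecialchars($sample, ENT_QUOTES, 'UTF-8'); // tags become text entities

var_dump($early, $before, $after, $blacklisted, $encoded);
```

Moving the declaration out of the `if` block, or above the first call inside it, removes the fatal error; encoding at output time is the control the blacklist is standing in for.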
