authorNathan Kinkade <nath@nkinka.de>2008-03-08 19:07:01 +0000
committerNathan Kinkade <nath@nkinka.de>2008-03-08 19:07:01 +0000
commit196cb8334747d04de28a97c61b91c793fecb70e6 (patch)
treeed38d346be841db590152b0b976872203a411f99 /food_search.php
parent30a1b89857d8cbb613b91ac8d6b17f6b857d8d97 (diff)
Function to sanitize user input, and search box is now sanitized.
Diffstat (limited to 'food_search.php')
-rw-r--r--food_search.php11
1 files changed, 6 insertions, 5 deletions
diff --git a/food_search.php b/food_search.php
index 73bba79..517a930 100644
--- a/food_search.php
+++ b/food_search.php
@@ -12,18 +12,20 @@
# and libraries are included
require("config.php");
-# don't go any farther if the user didn't enter any search string
+# Don't go any farther if the user didn't enter any search string
# as such a query could return thousands and thousands of records
# and be more or less useless and a resource killer ... there is already
# javascript validation on this field, but this is here as a safety net
$searchString = trim($_REQUEST['searchString']);
if ( empty($searchString) ) {
+ print_r($_REQUEST); exit;
$_SESSION['systemMsg'] = "<span class='msgError'>Please enter at least one search word.</span>";
header("Location: {$config->_rootUri}/");
exit;
}
-# let's implement the PRG (Post->Redirect->Get) method here so that
+
+# Let's implement the PRG (Post->Redirect->Get) method here so that
# users can use the back button freely without browser warnings
if ( isset($_POST['doSearch']) ) {
# build the query string
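Review bot: The added `print_r($_REQUEST); exit;` inside the empty-search branch looks like a leftover debug statement: it dumps the entire request (GET, POST and cookie values) into the response and exits before the `$_SESSION['systemMsg']` assignment and the `header("Location: ...")` redirect on the next lines, so the error path the branch exists for is now unreachable. It should be removed before this lands, or at minimum gated on a non-production debug setting. Separately, `$_REQUEST['searchString']` on the `trim` line is read without an existence check, so a request that lacks the field triggers an undefined-index notice before the emptiness test; `$searchString = isset($_REQUEST['searchString']) ? trim($_REQUEST['searchString']) : '';` keeps the behaviour and avoids the notice. The commit message says the search box is now sanitized, but in this hunk the value still comes through raw `trim`; the `sanitizeUserInput` call appears only on the GET path in the second hunk, and whether the POST value is sanitized before it is built into the query string cannot be seen here because that code follows the end of the hunk.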
@@ -50,9 +52,8 @@ if (
exit;
}
-# trim search string of any whitespace
-$searchString = trim($_GET['searchString']);
-
+# Sanitize $searchString
+$searchString = sanitizeUserInput($_GET['searchString']);
# assign the vars to the smarty template
# these will simply be used to remind the user of how they searched