Zdravím mám spravene prihlasovanie cez steam a ked sa prihlasi tak mi uloži do databazi jeho meno ale nastal tu jeden problem,že ak si niekto da do mena <script> tak môže lahko zabugovať stránku tak by som potreboval podmienku,že ak ma v mene script tak mu to vymaže z mena určite ma chápete
case 'login':
include 'openid.php';
try
{
$openid = new LightOpenID('http://'.$_SERVER['SERVER_NAME'].'/');
if (!$openid->mode) {
$openid->identity = 'http://steamcommunity.com/openid/?l=russian';
header('Location: ' . str_replace("csgowinbet", "csgowinbet", $openid->authUrl()));
} elseif ($openid->mode == 'cancel') {
echo '';
} else {
if ($openid->validate()) {
$id = $openid->identity;
$ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
preg_match($ptn, $id, $matches);
$url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=C59002C6AF973D43E01CF7A4EC5EF3D9&steamids=$matches[1]";
$json_object = file_get_contents($url);
$json_decoded = json_decode($json_object);
foreach ($json_decoded->response->players as $player) {
$steamid = $player->steamid;
$name = $player->personaname;
$avatar = $player->avatar;
}
$hash = md5($steamid . time() . rand(1, 50));
$sql = $db->query("SELECT * FROM `users` WHERE `steamid` = '" . $steamid . "'");
$row = $sql->fetchAll(PDO::FETCH_ASSOC);
if (count($row) == 0) {
$db->exec("INSERT INTO `users` (`hash`, `steamid`, `name`, `avatar`) VALUES ('" . $hash . "', '" . $steamid . "', " . $db->quote($name) . ", '" . $avatar . "')");
} else {
$db->exec("UPDATE `users` SET `hash` = '" . $hash . "', `name` = " . $db->quote($name) . ", `avatar` = '" . $avatar . "' WHERE `steamid` = '" . $steamid . "'");
}
setcookie('hash', $hash, time() + 3600 * 24 * 7, '/');
header('Location: http://www.csgowinbet.eu/sets.php?id=' . $hash);
}
}
} catch (ErrorException $e) {
exit($e->getMessage());
}
break;