Taint checking forms

Hi,
In Perl there's that -t option that's supposed to check input for
anything nasty. I wondered if there's anything like that in PHP? Some
module? Or some tested block of PHP code that will do it? I'd be
grateful for any links to info.
Thanks, Lee G.
Jul 17 '05 #1
Hello,

On 07/18/2004 02:37 PM, leegold2 wrote:
> In Perl there's that -t option that's supposed to check input for
> anything nasty. I wondered if there's anything like that in PHP? Some
> module? Or some tested block of PHP code that will do it? I'd be
> grateful for any links to info.

If you use plain input field validation you will be able to reject any
values that are not acceptable.

You may want to take a look at this class. Besides many of the common
types of validation, it has support for discarding values usually passed
by hidden fields for instance to specify id values of database records
to be edited. This way you do not have to worry about any attack
attempts. Take a look at the examples supplied with the class:

http://www.phpclasses.org/formsgeneration
--

Regards,
Manuel Lemos

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/

Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
Jul 17 '05 #2
On Sun, 18 Jul 2004 17:37:28 GMT, leegold2 <le*****@nospam .net> wrote:
> In Perl there's that -t option that's supposed to check input for
> anything nasty.

Taint mode in Perl doesn't check for anything "nasty" since there's no single
definition of what's "nasty". Taint mode limits your access to data obtained
from outside your program.

See http://www.perldoc.com/perl5.8.0/pod/perlsec.html

It's supposed to be -T, not -t, anyway; -t is for debugging, it just generates
warnings rather than the correct fatal errors.
> I wondered if there's anything like that in PHP? Some
> module? Or some tested block of PHP code that will do it? I'd be
> grateful for any links to info.

There isn't an equivalent, although it's part of the reason register_globals
is deprecated. Using $_GET, $_POST etc., all the user input is segregated from
ordinary variables.

As far as checking for "nasty" data goes, that depends entirely on context.
Data can only be "nasty" if special characters aren't properly escaped in the
way expected by the process/function/database/whatever you're passing them on
to.

--
Andy Hassall <an**@andyh.co.uk> / Space: disk usage analysis tool
http://www.andyh.co.uk / http://www.andyhsoftware.co.uk/space
Jul 17 '05 #3
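As an added example for this thread (it is not code from either poster, nor the phpclasses forms class Manuel links to), the script below puts the two answers together in PHP: Manuel's point, accept only the form fields you declared and drop everything else, including any smuggled hidden-field value; and Andy's point, that data is only "nasty" relative to where it goes, so the same validated string is escaped three different ways at the point of use. The request array, field names and rules are constructed for the example.

```php
<?php
// Added example (not from the thread). Constructed stand-in for $_POST; "bio"
// holds characters that are ordinary text but special to HTML, SQL and sh.
declare(strict_types=1);

$sample_post = [
    'id'    => '42',
    'name'  => "Bob O'Brien",
    'bio'   => "Runs <b>Bob's</b> shop & cafe; echo \$HOME",
    'admin' => '1',   // never declared below: the hidden-field trick Manuel mentions
];

// Step 1 (Manuel): whitelist validation. Each accepted field has a rule and
// undeclared fields are discarded rather than trusted.
function validate_form(array $input): array
{
    $rules = [
        'id'   => fn(string $v): bool => preg_match('/^[1-9][0-9]{0,9}$/', $v) === 1,
        'name' => fn(string $v): bool => strlen($v) >= 1 && strlen($v) <= 64,
        'bio'  => fn(string $v): bool => strlen($v) <= 500,
    ];
    $clean = [];
    foreach ($rules as $field => $accept) {
        if (!isset($input[$field]) || !is_string($input[$field])) {
            throw new InvalidArgumentException("missing field: $field");
        }
        if (!$accept($input[$field])) {
            throw new InvalidArgumentException("rejected field: $field");
        }
        $clean[$field] = $input[$field];
    }
    return $clean;   // 'admin' is simply absent from the result
}

// Step 2 (Andy): escape for the destination, at the point of use.

// HTML body: entity-encode so any markup in the data renders as text.
function render_html(array $f): string
{
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>' . $h($f['name']) . ': ' . $h($f['bio']) . '</p>';
}

// Shell argument: escapeshellarg() wraps the whole value as one quoted word,
// so ";" and "$HOME" inside it are passed literally, never interpreted.
function build_command(array $f): string
{
    return 'printf %s ' . escapeshellarg($f['bio']);
}

// SQL: never interpolate; bind parameters so the driver keeps data and query
// apart. Uses an in-memory SQLite database (requires the pdo_sqlite extension).
function store_and_fetch(array $f): array
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE profile (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)');
    $ins = $db->prepare('INSERT INTO profile (id, name, bio) VALUES (:id, :name, :bio)');
    $ins->execute([':id' => (int) $f['id'], ':name' => $f['name'], ':bio' => $f['bio']]);
    $sel = $db->prepare('SELECT name, bio FROM profile WHERE id = :id');
    $sel->execute([':id' => (int) $f['id']]);
    return $sel->fetch(PDO::FETCH_ASSOC);
}

$fields = validate_form($sample_post);
echo render_html($fields), PHP_EOL;      // apostrophe, <b> and & are entity-encoded
echo build_command($fields), PHP_EOL;    // bio appears as a single quoted argument
print_r(store_and_fetch($fields));       // the apostrophe in the name round-trips intact
```

Run it with `php example.php` (PHP 7.4 or later for the arrow functions). The validation step is where the "taint" boundary lives in PHP: nothing reaches the three sinks except the fields that were declared and passed their rule, and each sink then applies its own escaping, which is what Andy means by "nasty" depending entirely on context.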