
Caution with nasty user input

I've received some input from the user's browser, checked it for unpleasant
stuff, and determined that it contains characters I'm not happy with. I'd
like to store it or email it to an administrator for inspection (so attack
types can be monitored and so on).

What steps should I take to ensure that the code that delivers the email or
writes to the log file doesn't get exploited by something which I know is
nasty? I thought of base64 encoding it, but that would render it unreadable
without a special viewer of some sort. Is there something I can do to
guarantee the string is harmless without obfuscating it too much?

--
The email address used to post is a spam pit. Contact me at
http://www.derekfountain.org : <a
href="http://www.derekfountain.org/">Derek Fountain</a>
Jul 17 '05 #1


Derek Fountain wrote:
<snip>
What steps should I take to ensure that the code that delivers the email or writes to the log file doesn't get exploited by something which I know is nasty? I thought of base64 encoding it, but that would render it unreadable without a special viewer of some sort. Is there something I can do to guarantee the string is harmless without obfuscating it too much?


htmlspecialchars() ?

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Jul 17 '05 #2
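
As an added example (not part of either post above), one way to keep rejected input readable while making it inert for a log line or a mail body, with `htmlspecialchars()` applied only when the record is shown in a browser. The function names `neutralise_for_log` and `build_log_line`, the `$adminAddress` variable and the sample input are hypothetical.

```php
<?php
// Added example; function names and the sample input are hypothetical.

/**
 * Keep hostile input readable but inert for a log line or a mail body:
 * printable ASCII passes through; CR, LF, NUL, ESC, high bytes, the double
 * quote and the backslash become visible \xNN escapes, so the value cannot
 * start a new log record, add a mail header or drive a terminal.
 */
function neutralise_for_log(string $raw, int $maxLen = 2000): string
{
    $truncated = strlen($raw) > $maxLen;
    $safe = preg_replace_callback(
        '/[^\x20\x21\x23-\x5B\x5D-\x7E]/',          // byte-wise, no /u flag
        static function (array $m): string {
            return sprintf('\\x%02X', ord($m[0]));
        },
        substr($raw, 0, $maxLen)
    );
    return $safe . ($truncated ? ' [truncated]' : '');
}

/** One self-delimiting record per rejected request. */
function build_log_line(string $raw, string $remoteAddr): string
{
    return sprintf(
        '%s rejected_input ip=%s data="%s"',
        gmdate('Y-m-d\TH:i:s\Z'),
        neutralise_for_log($remoteAddr, 64),
        neutralise_for_log($raw)
    );
}

// Constructed sample: markup plus a CR/LF pair, a NUL and an escape sequence.
$input = "<b onmouseover=x>hi</b>\r\nSubject: forged\0\x1b[2J";
$line  = build_log_line($input, '203.0.113.7');

// Log file: the record stays on one line.
echo $line, PHP_EOL;

// Mail: fixed headers, untrusted data only in the body.
// mail($adminAddress, 'Rejected input report', $line);

// HTML admin page: escape at output time, as the reply suggests.
echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

Because the stored record is already plain printable ASCII, `htmlspecialchars()` cannot fail on invalid byte sequences, and the same line can be read in a text editor without a decoder.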
