
Caution with nasty user input

I've received some input from the user's browser, checked it for unpleasant
stuff, and determined that it contains characters I'm not happy with. I'd
like to store it or email it to an administrator for inspection (so attack
types can be monitored and so on).

What steps should I take to ensure that the code that delivers the email or
writes to the log file doesn't get exploited by something which I know is
nasty? I thought of base64 encoding it, but that would render it unreadable
without a special viewer of some sort. Is there something I can do to
guarantee the string is harmless without obfuscating it too much?

--
The email address used to post is a spam pit. Contact me at
http://www.derekfountain.org : Derek Fountain
Jul 17 '05 #1
Derek Fountain wrote:
<snip>
> What steps should I take to ensure that the code that delivers the email or
> writes to the log file doesn't get exploited by something which I know is
> nasty? I thought of base64 encoding it, but that would render it unreadable
> without a special viewer of some sort. Is there something I can do to
> guarantee the string is harmless without obfuscating it too much?


htmlspecialchars() ?

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Jul 17 '05 #2
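One way to act on that suggestion, as an added example that is not code from either poster: neutralise the suspicious value before it reaches the log file or the mail path, and apply htmlspecialchars() only at the point where it is shown in HTML. Function names and the sender address below are assumptions.

```php
<?php
// Added example, not from the thread. Function names and the sender address are
// this example's own choices; the field name is taken to be the app's own label.

// Escape control bytes (a CR/LF would otherwise let the value forge extra log
// lines or mail headers) and non-ASCII bytes as \xNN, and double a literal
// backslash so the escaped form cannot be confused with the original.
function neutraliseForLog(string $input, int $maxLen = 2048): string
{
    $s = substr($input, 0, $maxLen);   // bound how much we keep
    $out = '';
    for ($i = 0, $n = strlen($s); $i < $n; $i++) {
        $o = ord($s[$i]);
        if ($s[$i] === '\\') {
            $out .= '\\\\';
        } elseif ($o < 0x20 || $o >= 0x7F) {
            $out .= sprintf('\\x%02X', $o);
        } else {
            $out .= $s[$i];
        }
    }
    return $out;                       // printable ASCII, single line
}

// For an HTML log viewer apply htmlspecialchars() (the reply's suggestion) on top;
// the argument is pure ASCII, so it is always valid UTF-8 for the function.
function neutraliseForHtml(string $input): string
{
    return htmlspecialchars(neutraliseForLog($input), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// One record per line: the neutralised value cannot contain a newline.
function appendLogRecord(string $file, string $field, string $input): void
{
    $line = sprintf("%s field=%s value=%s\n", date('c'), $field, neutraliseForLog($input));
    file_put_contents($file, $line, FILE_APPEND | LOCK_EX);
}

// Email as text/plain with the untrusted data only in the body, never in a
// header or the subject, so it cannot add recipients or alter the message.
function emailSuspiciousInput(string $to, string $field, string $input): bool
{
    $headers = "From: webapp@example.invalid\r\nContent-Type: text/plain; charset=UTF-8\r\n";
    $body = "Suspicious input in field $field:\r\n" . neutraliseForLog($input) . "\r\n";
    return mail($to, 'Suspicious input detected', $body, $headers);
}

// Constructed sample: HTML plus an embedded CRLF and a forged header line.
$sample = "<script>alert(1)</script>\r\nSubject: forged";
echo neutraliseForLog($sample), PHP_EOL, neutraliseForHtml($sample), PHP_EOL;
```

The stored form stays readable (the offending tag is visible as typed), while the CR/LF that could have split the log record or the mail headers is reduced to an inert `\x0D\x0A`.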
