Hey all,
I've provided a form for a client of the company I work for that
basically emails the form data to an email address. Only a couple of
the many fields are required...nothing too fancy.
However, the sys admin has made the following request:
"All fields, not just the required fields, need validation for syntax,
shell escape characters and string length. This is a security issue."
On no site have I ever had to deal with this being a "security
issue"... I mean, is having escape characters in a form field really
a big deal? Or having an empty form field? At most, they get put
into a variable that's then sent in an email.
If I need to check for escape characters, what's the best way to
approach doing so? Thanks y'all!
-Mike

"ratlhead" <ra******@ratlhead.com> wrote in message
news:fd**************************@posting.google.com...
> Hey all,
> I've provided a form for a client of the company I work for that basically emails the form data to an email address. Only a couple of the many fields are required...nothing too fancy.
> However, the sys admin has made the following request:
> "All fields, not just the required fields, need validation for syntax, shell escape characters and string length. This is a security issue."

It might become an issue when you build a DB driven site and someone uses a
text field to insert SQL to delete the entire database, for example.

> On no site have I ever had to deal with this being a "security issue"... I mean, is having escape characters in a form field really a big deal? Or having an empty form field? At most, they get put into a variable that's then sent in an email.

Forms don't just send e-mails. Look on almost any e-commerce site and you
will find examples of database searches driven by HTML forms. An empty form
field might cause an SQL command to fail. SQL error messages displayed on
the client's browser don't look very professional.

> If I need to check for escape characters, what's the best way to approach doing so? Thanks y'all!

One way to validate form entries is to use regular expression patterns to
check the form entries fit a specific template, i.e. numbers only, text, text
and spaces.

// check to see if a forename field entry is composed only of letters
if (!preg_match("/^[a-zA-Z]+$/", $_POST["Nforename"]))
{
    // invalid form entry. go back to form
}

/^[0-9]+$/ - only digits 0 - 9 allowed
/^[a-zA-Z\s]+$/ - letters and spaces
/^[a-zA-Z0-9\.]+$/ - letters, numbers and periods

> -Mike
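An added example, not part of the thread or either poster's code: one way to apply the sys admin's three checks (syntax, unwanted characters, string length) to every field of the mail form through a single allow-list table. Only `Nforename` comes from the thread; the other field names, the limits and the `validate_form` helper are assumptions.

```php
<?php
// Added example: allow-list validation for every field of a mail form.
// Rule layout: field => [required, max length in bytes, allow-list pattern].
// The D modifier makes $ match only at the very end of the string.
const RULES = [
    'Nforename' => [true,  40,  '/^[a-zA-Z]+$/D'],
    'Nage'      => [false, 3,   '/^[0-9]+$/D'],
    'Ncity'     => [false, 60,  '/^[a-zA-Z ]+$/D'],  // literal space: \s would also admit CR/LF
    // Free-text body: tab, CR and LF allowed, other control characters rejected.
    'Nmessage'  => [false, 500, '/^[^\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+$/D'],
];

function validate_form(array $input, array $rules): array
{
    $clean = []; $errors = [];
    foreach ($rules as $field => [$required, $maxLen, $pattern]) {
        $value = $input[$field] ?? '';
        if (!is_string($value)) {              // field[]=x arrives as an array
            $errors[$field] = 'not a string';
            continue;
        }
        if ($value === '') {                   // empty is fine unless required
            if ($required) { $errors[$field] = 'required'; }
            continue;
        }
        if (strlen($value) > $maxLen) {
            $errors[$field] = 'too long';
        } elseif (preg_match($pattern, $value) !== 1) {
            $errors[$field] = 'invalid characters';
        } else {
            $clean[$field] = $value;           // only validated fields are copied
        }
    }
    return [$clean, $errors];
}

// Constructed sample submission (stands in for $_POST).
$sample = [
    'Nforename' => "Mike\n",                   // passes /^[a-zA-Z]+$/ without D
    'Nage'      => '34',
    'Ncity'     => str_repeat('a', 61),        // over the length limit
    'Nmessage'  => "Please call me.\nThanks",
    'Nextra'    => 'no rule for this field, so it is never copied',
];
[$clean, $errors] = validate_form($sample, RULES);
print_r($clean);
print_r($errors);
```

Because shell metacharacters, quotes and line breaks are simply absent from the allow-lists, they are rejected without a separate escape-character check; fields that end up in mail headers should use the single-line patterns, not the body pattern.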