All-in-all, what steps should be taken to insure a safe input.
There are many precautions, can anybody fill me in on the rest. - Trim white spaces
- Check for invalid characters
- Make string to lowercase (in some cases)
Is there anything that I missed?
6 1928
All-in-all, what steps should be taken to insure a safe input.
There are many precautions, can anybody fill me in on the rest. - Trim white spaces
- Check for invalid characters
- Make string to lowercase (in some cases)
Is there anything that I missed?
hiya
strip slashes
strip tags
and there is no way you can be 100% safe :P
Can somebody please make a function that does it all.
Atli 5,058
Recognized Expert Expert
Hi.
I usually just run the input through the htmlspecialchars function. It converts all HTML tags into characters that the browser will display as text rather than parse into something nasty. Does nicely unless I am looking for something more specific, like SQL injection or something like that.
This, as well as everything else, is never 100% safe, but it will neutralize most attempts to harm blogs and forums. People that do that kind of stuff are usually idiots trying to impress other idiots by showing of their non-existing hacking skills. I won't loose much sleep worrying about that.
If you were to specify what kind of input you are talking about we might have some more specific answers.
- function secureData($string, $lowercase = false)
-
{
-
$string = trim($string);
-
$sting = htmlspecialchars($string);
-
-
if ($lowercase)
-
$string = strtolower($string);
-
-
$string = stripslashes($string);
-
-
return $string;
-
}
call it like: -
$sting = secureData($string, false);
- function secureData($string, $lowercase = false)
-
{
-
$string = trim($string);
-
$sting = htmlspecialchars($string);
-
-
if ($lowercase)
-
$string = strtolower($string);
-
-
$string = stripslashes($string);
-
-
return $string;
-
}
call it like: -
$sting = secureData($string, false);
If only I could spell -
function secureData($string, $lowercase = false)
-
{
-
$string = trim($string);
-
$string = htmlspecialchars($string);
-
-
if ($lowercase)
-
$string = strtolower($string);
-
-
$string = stripslashes($string);
-
-
return $string;
-
}
call it like: -
$string = secureData($string, false);
I wanted to retrieve a simple alphanumeric string through URL.
This is what I made, (and again, every case is different, and you'll never be %100 safe):
[PHP]
function clean($str){
$str=strtolower($str);
$str=trim($str);
$str=htmlspecialchars($str);
$str=preg_replace('/[^A-Za-z0-9 ]/', '', $str);
$str=stripslashes($str);
return $str;}[/PHP]
Calling it:
[PHP]$id = clean($_REQUEST['id']);[/PHP]
What's your opinion? Fine?
Sign in to post your reply or Sign up for a free account.
Similar topics |
by: Derek Fountain |
last post by:
I was just writing a sanitisation route for a bit of user input. The data is
an English text description of a product, and will go into a DB, then back
out to other user's browsers.
As per...
|
by: Ramius |
last post by:
I have a php page that needs to make a system() call to a perl app. I
need to send user-entered search terms as parameters to the perl app,
and then capture the output from perl, do some light...
|
by: Irmen de Jong |
last post by:
Pickle and marshal are not safe. They can do harmful
things if fed maliciously constructed data.
That is a pity, because marshal is fast.
I need a fast and safe (secure) marshaler.
Is xdrlib the...
|
by: Eric Boutin |
last post by:
Hi ! I was wondering how to quickly and safely use a safe scanf( ) or gets
function... I mean.. if I do :
char a;
scanf("%s", a);
and the user input a 257 char string..
that creates a...
|
by: ais523 |
last post by:
I use this function that I wrote for inputting strings. It's meant to
return a pointer to mallocated memory holding one input string, or 0 on
error. (Personally, I prefer to use 0 to NULL when...
| |
by: Need2CSharp |
last post by:
Hi All,
Following is a quote from an article on MSDN.
Article Title: Safe, Simple Multithreading in Windows Forms
URL:...
|
by: laredotornado |
last post by:
Hi,
I'm using PHP 4.4.4 on Apache 2 on Fedora Core 5. PHP was installed
using Apache's apxs and the php library was installed to
/usr/local/php. However, when I set my "error_reporting"...
|
by: Xavoux |
last post by:
Hello all...
I can't remind which function to use for safe inputs...
gets, fgets, scanf leads to buffer overflow...
i compiled that code with gcc version 2.95.2, on windows 2000
char tmp0 =...
|
by: lwhitb1 |
last post by:
Does anyone have any input on setting up my CAB application so that the
application is thread safe, and cached appropiately? I read that this
can be managed through Services, and dynamic injection....
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |