To be more specific: b, i and u can be easily detected but the problem is in the url and its content to be replaced by <a href=link>content</a>
/\[b\]/g, "<b>"
/\[\/b\]/g, "</b>"
/\[i\]/g, "<i>"
/\[\/i\]/g, "</i>"
/\[u\]/g, "<u>"
/\[\/u\]/g, "</u>"

[url]http://url[/url] or [url=http://url]URL text[/url]
should be:
<a href=http://url>http://url</a> or <a href=http://url>URL text</a>

I am playing around with this but no hope till now

/\[url(.*)\]/g, "<a href=>1"
/\[\/url\]/g, "</a>"

Georges EL OJAIMI wrote:
> Hello,
>
> I got this link http://www.securityfocus.com/infocus/1768 which contains
> different kinds of SQL injection, however I still want to capture the
> following:
>
> [b] [/b]
> [i] [/i]
> [u] [/u]
>
> What is the RegEx pattern to check the characters [ ]
>
> Georges
>
> ik wrote:
>
>> Hi,
>>
>> On Jan 29, 2008 7:00 AM, Yona Shlomo <[EMAIL PROTECTED]> wrote:
>>
>>> On Mon, 28 Jan 2008, Georges EL OJAIMI wrote:
>>>
>>>> Hello,
>>>>
>>>> Yona Shlomo wrote:
>>>>
>>>>> How does the following help prevent HTML characters and SQL
>>>>> injection into the database?
>>>
>>> Can you answer this question? How does this transformation
>>> of yours help prevent SQL injections?
>>
>> Personally I'm removing chars that I do not expect to have, so if I
>> expect a number value, I do something like this:
>>
>> s/[^0-9]//g
>>
>> Now chars that might affect HTML/SQL are escaped when I use them on
>> HTML/SQL (not before, because it might change the content that I wish
>> to check, like %20 for spaces [in URI] etc).
>> On SQL, I also use binding (if possible I recommend name binding
>> rather than anonymous binding).
>> I usually create some sort of tool that does all of this for me, so I
>> will not have to write a lot of code for each work I require, and you
>> might even want to create a module such as Sanitize::HTML and
>> Sanitize::SQL that will be able to work well.
>> For HTML I recommend the cgi module, it has great escaping features.
>>
>> Ido
>>
>
> _______________________________________________
> Perl mailing list
> [email protected]
> http://perl.org.il/mailman/listinfo/perl
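
The [b]/[i]/[u]/[url] conversion asked about at the top of this message, as an added Perl example that is not code from anyone in the thread: the input is HTML-escaped first, tags are converted only as matched pairs, and the href is quoted and limited to http/https. The names escape_html and bbcode_to_html are hypothetical, and the http/https restriction is an assumption of this example.

```perl
use strict;
use warnings;

# Hypothetical helper: escape the HTML-significant characters.
sub escape_html {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Hypothetical converter for [b], [i], [u] and both [url] forms.
sub bbcode_to_html {
    my ($in) = @_;
    # Escape first, so the only markup in the output is what is emitted below.
    my $out = escape_html($in);

    # Convert only matched open/close pairs; an unmatched [b] stays literal
    # text. The loop repeats so that nested pairs are converted as well.
    1 while $out =~ s{\[(b|i|u)\](.*?)\[/\1\]}{<\L$1\E>$2</\L$1\E>}is;

    # Assumption: only http/https links are accepted. The character class
    # keeps whitespace, brackets and angle brackets out of the href; quotes
    # were already turned into entities by escape_html.
    my $url = qr{https?://[^\s\[\]<>]+}i;
    $out =~ s{\[url=($url)\](.*?)\[/url\]}{<a href="$1">$2</a>}gis;
    $out =~ s{\[url\]($url)\[/url\]}{<a href="$1">$1</a>}gis;
    return $out;
}

# Constructed sample input (not from the thread).
my @samples = (
    '[b]bold[/b] and [url=http://example.org/?a=1&b=2]a [i]link[/i][/url]',
    '[url]http://example.org/[/url]',
    '[url=javascript:alert(1)]x[/url] <script>alert(1)</script>',
    '[b]never closed',
);
print bbcode_to_html($_), "\n" for @samples;
```

In the third and fourth samples nothing is converted: the rejected link and the unclosed tag are printed as escaped literal text.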
