Hi Benny,
I know this is a bit of a run-around again, but try the annotated manual on
php.net; it has some good examples of using things here and there.

Specifically useful functions are

htmlspecialentities()
htmlspecialchars()
addslashes()
stripslashes()
nl2br()

Also, as far as using regexps goes, you would probably normally want to do
something like (pseudo-esque :P)

<?php
// Reject the request if the input does not match the allowed pattern.
if (!eregi("<expression>", "<string>")) {
        die("invalid input");
}
?>

hope something in there helps :)

/beau
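A small working example of the allowlist approach Benny asked about, added to this thread (it is not Beau's or Benny's code). It assumes PHP 5.1 or later with the pgsql extension for pg_query_params(), a hypothetical `hosts` table, and uses preg_match() rather than eregi(); the validation part runs on its own without a database.

```php
<?php
// Added example: allowlist validation of form input before it reaches
// PostgreSQL. Assumes PHP >= 5.1 with the pgsql extension for
// pg_query_params(); the 'hosts' table and the rules below are hypothetical.

// Each field names the characters it may contain and its maximum length.
// Anything outside the allowed set is rejected outright, not "cleaned".
$rules = array(
    'hostname'  => array('pattern' => '/^[A-Za-z0-9][A-Za-z0-9.-]*$/', 'max' => 253),
    'asset_tag' => array('pattern' => '/^[A-Z]{2}-[0-9]{4,6}$/',        'max' => 9),
    'keyword'   => array('pattern' => '/^[A-Za-z0-9 _-]+$/',            'max' => 40),
);

// True only if $value is a non-empty string within the length limit that
// matches the field's allowlist. Arrays (e.g. field[]=x) are rejected too.
function is_allowed($field, $value, $rules)
{
    if (!isset($rules[$field]) || !is_string($value)) {
        return false;
    }
    $r = $rules[$field];
    if ($value === '' || strlen($value) > $r['max']) {
        return false;
    }
    // preg_match() returns 1 on match, 0 on no match, false on error.
    return preg_match($r['pattern'], $value) === 1;
}

// Look up a host by name. The validated value is still passed as a bound
// parameter, so user input never becomes part of the SQL text itself.
function find_host($conn, $hostname, $rules)
{
    if (!is_allowed('hostname', $hostname, $rules)) {
        return false;
    }
    $sql = 'SELECT id, os FROM hosts WHERE name = $1';
    $res = pg_query_params($conn, $sql, array($hostname));
    return $res ? pg_fetch_all($res) : false;
}

// Constructed sample submissions; no web server or database needed here.
$samples = array(
    array('hostname',  'db01.example.org'),
    array('hostname',  "db01' OR '1'='1"),
    array('asset_tag', 'IT-00421'),
    array('asset_tag', 'it-00421'),
    array('keyword',   'postgres backup'),
    array('keyword',   str_repeat('a', 41)),
);
foreach ($samples as $s) {
    printf("%-10s %-20s %s\n", $s[0], $s[1], is_allowed($s[0], $s[1], $rules) ? 'accepted' : 'rejected');
}
```

Only the first, third and fifth samples are accepted; the others fail the allowlist or the length limit before any query is built.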

// -----Original Message-----
// From: C. Bensend [mailto:[EMAIL PROTECTED]]
// Sent: Monday, 14 January 2002 10:49 AM
// To: [EMAIL PROTECTED]
// Subject: [PHP-DB] Sanitizing user input for interaction with DB.
// 
// 
// 
// Hey folks,
// 
//      Let me preface this with the fact that I know
// information like this exists online, but it's a bear
// trying to find good examples.  I checked the list archives,
// and got minimal information.  Also, I'm posting to this list
// rather than the -users because this does target a database
// environment.
// 
//      I am working on a very basic project to put a bunch
// of computer-related information into a searchable PostgreSQL
// database.  I'm using PHP 4.0.6 to connect to PostgreSQL
// 7.1.2, via Apache 1.3.20.
// 
//      I'm a sysadmin, so one of my first concerns is for
// my site to be as secure as I can make it, without crippling
// my ability to do anything.  Hence, I have taken reasonable
// steps to minimize the chances of problems, like connecting
// to the database with an unprivileged user (SELECT privs
// on only the necessary tables).  The user can't DROP, or
// INSERT, or anything.
// 
//      I'm now looking for real, working examples for scrubbing
// input submitted via a form.  I've gone over code snippets, read
// security-related articles, and haven't been able to find any
// real (read - targeted at beginning developers) examples for
// this.  I want to take the safer approach, and only allow a set
// of characters, rather than trying to weed out the "evil."
// 
//      I would greatly appreciate it if you folks could
// pass me some URLs for this, or some small blurbs of code...
// I've read dozens of 'use regex' hints, but I need to understand
// a bit more about how to _use_ them, not how to _form_ them.
// 
// Sorry to be so long-winded...  I appreciate any tips/tricks/URLs
// you can give me.  :)  Thanks!
// 
// Benny
// 
// 
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// A 'good' landing is one from which you can walk away. A 'great'
// landing is one after which they can use the plane again.
//                                         --Rules of the Air, #8
// 
// 
// 
// -- 
// PHP Database Mailing List (http://www.php.net/)
// To unsubscribe, e-mail: [EMAIL PROTECTED]
// For additional commands, e-mail: [EMAIL PROTECTED]
// To contact the list administrators, e-mail: 
// [EMAIL PROTECTED]
// 
