On Tue, 2010-02-16 at 09:07 -0500, Mike Alaimo wrote:

> Can anyone guide me here?  I have the desire to store user entered
> data into the session.  I am regexing it to be only a-zA-z0-9 and a
> space.  The data is stored in an object and then serialized before
> storing it into the session.  Does anyone see any potential security
> risks here?
> 
> Thanks,
> 
> Mike
> 


I think you're fine; I can't see any problems. I think most of the time
you have to worry when you're actually doing something with the data,
like inserting it into a file or database, or outputting it to a screen,
as these are the times that injections can take place.

Thanks,
Ash
http://www.ashleysheridan.co.uk
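One detail worth checking in the class as quoted, `a-zA-z0-9`: the second range has a lowercase `z`, and in regex syntax `A-z` is a code-point range (65 to 122), so it also admits `[`, `\`, `]`, `^`, `_` and the backtick. The following example is added here and is not code from either message; it shows exactly which characters slip through that range, applies the intended whitelist, and escapes at output time, which is where Ash places the real risk. It assumes Python's `re` module, a plain dict as a stand-in for the session store, and JSON in place of the native serialiser mentioned in the question.

```python
import html
import json
import re

# Character class exactly as quoted in the question. Note the lowercase "z" in
# "A-z": in a regex this is a code-point range (65..122), not "all letters".
QUOTED_CLASS = re.compile(r"[a-zA-z0-9 ]+")
# The class the question appears to intend: ASCII letters, digits and space.
STRICT_CLASS = re.compile(r"[a-zA-Z0-9 ]+")


def extra_chars_accepted():
    """Printable ASCII characters the quoted class accepts but the strict one rejects."""
    return "".join(
        chr(c) for c in range(32, 127)
        if QUOTED_CLASS.fullmatch(chr(c)) and not STRICT_CLASS.fullmatch(chr(c))
    )


def is_valid(value):
    """Whitelist check with the strict class; fullmatch also rejects a trailing newline."""
    return STRICT_CLASS.fullmatch(value) is not None


def store_in_session(session, key, value):
    """Validate, then serialise into the session (a dict here, constructed as a
    stand-in for a real session store; JSON stands in for the native serialiser)."""
    if not is_valid(value):
        raise ValueError("only a-z, A-Z, 0-9 and space are allowed")
    session[key] = json.dumps({"value": value})


def render_from_session(session, key):
    """Escape at the point of output, the step where injection actually happens.
    For data that passed the strict whitelist this is a no-op, which is exactly
    the guarantee the validation was meant to provide."""
    value = json.loads(session[key])["value"]
    return "<p>" + html.escape(value, quote=True) + "</p>"


if __name__ == "__main__":
    print("accepted by A-z but not by A-Z:", extra_chars_accepted())
    session = {}
    store_in_session(session, "name", "Mike 42")
    print(render_from_session(session, "name"))
```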

