On Tue, 2010-02-16 at 09:07 -0500, Mike Alaimo wrote:

> Can anyone guide me here?  I have the desire to store user entered
> data into the session.  I am regexing it to be only a-zA-z0-9 and a
> space.  The data is stored in an object and then serialized before
> storing it into the session.  Does anyone see any potential security
> risks here?
> Thanks,
> Mike

I think you're fine, I can't see any problems. I think most of the time
you have to worry when you're actually doing something with the data,
like inserting it into a file or database, or outputting it to a screen,
as these are the times that injections can take place.


Reply via email to