I have been checking my own application for valid output and found out
that my text input does not equal my output when printed back on a web
page or text form. This was either due to stripslashes where they should
not have been or missing htmlentities.
To test this I wrote a little test text which I paste into my test forms
to validate proper input and output.

#########Test Text ###########
//Might break sql query or script
Jacky said it's a beautiful day outside.
You have no choice: accept the referee's decision.
I am going home; I intend to stay there.

//Should not be bold in HTML
<b>This should NOT be bold</b>

//Create correct code output
if( $x < 2 && $y > 3 ) { $c = Null; } else { $d = Null; }

/*Might break SQL query*/
SQLBreakTest' OR 'x" ='x

/*Magic Quotes adds extra slash, too many strip slashes will leave no
slashes left. */
C:\CColonBackslash\Backslash.exe

//Should not break PHP execution
<?PHP echo('This should not create an error") ?>

//Should NOT be a link in html
<a href="">This should not be a link</a>
#########Test Text ###########

This is what I use; if coded correctly, the output should read exactly
like the input. What do you use?

A lot more people should be validating their input and output, since I
see more and more websites with bad output. As an example,
codewalker.com turns a PHP if statement
from $x < 1 && $y > 2 into $x &alt; &amp;&amp; $y &gt; 2
and presents this to the users as usable code.

Check your output.....
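
An added example, not part of the original post: an automated version of the paste-and-compare check, which stores part of the test text through a bound parameter, encodes it once at output time, and confirms that what a browser would display is identical to the input. It assumes PHP 8 with the pdo_sqlite extension, uses htmlspecialchars() in place of the htmlentities() named above, and the table name `notes` and the functions `storeAndLoad` and `render` are hypothetical.

```php
<?php
// Added example: round-trip check for the test text (not the poster's code).
// Assumes PHP 8 with pdo_sqlite; table and function names are hypothetical.
$testText = <<<'TXT'
Jacky said it's a beautiful day outside.
<b>This should NOT be bold</b>
if( $x < 2 && $y > 3 ) { $c = Null; } else { $d = Null; }
SQLBreakTest' OR 'x" ='x
C:\CColonBackslash\Backslash.exe
<?PHP echo('This should not create an error") ?>
<a href="">This should not be a link</a>
TXT;

function storeAndLoad(PDO $db, string $text): string {
    // Bound parameter: the driver handles quoting, so no addslashes()/stripslashes().
    $db->prepare('INSERT INTO notes (body) VALUES (?)')->execute([$text]);
    return $db->query('SELECT body FROM notes ORDER BY id DESC LIMIT 1')->fetchColumn();
}

function render(string $text): string {
    // Encode exactly once, at output time, for the HTML context.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

$loaded = storeAndLoad($db, $testText);
$html   = render($loaded);

$checks = [
    'storage round-trip is byte-identical'    => $loaded === $testText,
    'no raw markup reaches the page'          => !str_contains($html, '<'),
    'browser would display the original text' => htmlspecialchars_decode($html, ENT_QUOTES) === $testText,
    'extra stripslashes() corrupts the path'  => stripslashes($loaded) !== $testText,
    'encoding twice is detectable'            => str_contains(render($html), '&amp;lt;'),
];
foreach ($checks as $name => $ok) {
    printf("%-42s %s\n", $name, $ok ? 'PASS' : 'FAIL');
}
```

All five lines print PASS when the code path is correct; the last two checks confirm that the two mistakes described at the top of the post (one stripslashes too many, or encoding applied a second time) would be caught.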
