--- In [email protected], Dick Russel <[EMAIL PROTECTED]> wrote:
>
> I have been checking my own application for valid output and found out
> that my text input does not equal my output when printed back on a web
> page or text form. This was either due to stripslashes where they should
> not have been or missing htmlentities.
> To test this I wrote a little test text which I paste into my test forms
> to validate proper input and output.
>
> #########Test Text ###########
> //Might break sql query or script
> Jacky said it's a beautiful day outside.
> You have no choice: accept the referee's decision.
> I am going home; I intend to stay there.
>
> //Should not be bold in HTML
> <b>This should NOT be bold</b>
>
> //Create correct code output
> if( $x < 2 && $y > 3 ) { $c = Null; } else { $d = Null; }
>
> /*Might break SQL query*/
> SQLBreakTest' OR 'x" ='x
>
> /*Magic Quotes adds extra slash, too many strip slashes will leave no
> slashes left. */
> C:\CColonBackslash\Backslash.exe
>
> //Should not break PHP execution
> <?PHP echo('This should not create an error") ?>
>
> //Should NOT be a link in html
> <a href="">This should not be a link</a>
> #########Test Text ###########
>
> This is what I use, if coded correctly the output should read exactly
> like the input. What do you use?
>
> A lot more people should be validating their input and output since I
> see more and more websites with bad output. As an example,
> codewalker.com turns a php if statement
> from $x < 1 && $y > 2 into $x &alt; && $y > 2
> and presents this to the users as usable code.
>
> Check your output.....
>
Take It... http://www.sendspace.com/file/a4e701
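
The round-trip check described in the quoted message, as an added example that is not part of the original thread or of either poster's code: it runs a few lines of the quoted test text through three storage and output pipelines and reports which ones show the text unchanged and free of live markup. The function names, the `notes` table, and the availability of PHP 7.4+ with the pdo_sqlite extension are assumptions.

```php
<?php
// Constructed sample: a few lines taken from the test text quoted above.
$input = <<<'TXT'
Jacky said it's a beautiful day outside.
<b>This should NOT be bold</b>
if( $x < 2 && $y > 3 ) { $c = Null; } else { $d = Null; }
SQLBreakTest' OR 'x" ='x
C:\CColonBackslash\Backslash.exe
<?PHP echo('This should not create an error") ?>
<a href="">This should not be a link</a>
TXT;

// Store and reload through a bound parameter: no addslashes, no stripslashes.
// (Hypothetical helper; the in-memory SQLite table stands in for the real database.)
function storeAndLoad(string $text): string {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE notes (body TEXT)');
    $db->prepare('INSERT INTO notes (body) VALUES (?)')->execute([$text]);
    return $db->query('SELECT body FROM notes')->fetchColumn();
}

// Encode once, at output time, for an HTML body context.
function render(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Approximates the text a browser displays by decoding the entities.
// It does not parse tags, which is why markup is checked separately below.
function displayed(string $html): string {
    return htmlspecialchars_decode($html, ENT_QUOTES);
}

$pipelines = [
    'bound parameter + htmlspecialchars' => fn($t) => render(storeAndLoad($t)),
    'extra stripslashes before output'   => fn($t) => render(stripslashes(storeAndLoad($t))),
    'no output encoding'                 => fn($t) => storeAndLoad($t),
];

foreach ($pipelines as $name => $pipeline) {
    $html      = $pipeline($input);
    $roundTrip = displayed($html) === $input;   // output reads exactly like the input
    $noMarkup  = strpos($html, '<') === false;  // nothing the browser could parse as a tag
    printf("%-36s round-trip=%s markup-free=%s\n", $name,
        $roundTrip ? 'ok' : 'FAIL', $noMarkup ? 'ok' : 'FAIL');
}
```

The second pipeline fails the round-trip check because `stripslashes` removes the backslashes from the Windows path, and the third fails the markup check because the `<b>`, `<a>` and `<?PHP` lines reach the page unencoded.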
