Regular expressions are, like ratbastid said, a very powerful tool. And yes, they can help you sanitize the input.
The main question is: what do you plan on using the input for? Make sure that the input values cannot break any place you're using them.
At least I'd check for:
- length (make sure that every place you use the input value, it is not too big, for example: the database)
- type (expecting a number? use is_numeric() to find out whether it is one)
- special characters (This is the most important part. Use htmlentities() to prevent JavaScript injection, for example. But also look out for SQL injections...)
There are many examples to be found around the 'net for sanitizing input. There are also a lot more functions available to help you.
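The three checks from the post above, sketched in PHP as an added example that is not part of the original post. The field names, the limits, the table layout and the use of PDO prepared statements with an in-memory SQLite database are assumptions, and the sample submissions are constructed.

```php
<?php
declare(strict_types=1);

const MAX_NAME_LEN = 50; // assumed to match the VARCHAR(50) column below

/** Validate raw request values; returns [clean values, list of errors]. */
function validate_input(array $raw): array
{
    $errors = [];
    $name = trim((string)($raw['name'] ?? ''));
    $age  = (string)($raw['age'] ?? '');

    // Length: reject oversized values instead of silently truncating them.
    if ($name === '' || strlen($name) > MAX_NAME_LEN) {
        $errors[] = 'name must be 1-' . MAX_NAME_LEN . ' bytes';
    }
    // Type: is_numeric() also accepts "1e3" and "0.5"; ctype_digit() is the
    // stricter check when a whole number is expected.
    if (!is_numeric($age) || !ctype_digit($age) || (int)$age > 150) {
        $errors[] = 'age must be a whole number from 0 to 150';
    }
    return [['name' => $name, 'age' => (int)$age], $errors];
}

$db = new PDO('sqlite::memory:'); // assumption: pdo_sqlite is installed
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name VARCHAR(50), age INTEGER)');

// Constructed sample submissions.
$samples = [
    ['name' => 'Alice', 'age' => '31'],
    ['name' => "O'Brien", 'age' => '40'],                  // legitimate quote
    ['name' => '<script>alert(1)</script>', 'age' => '27'], // markup in a name
    ['name' => str_repeat('A', 200), 'age' => '1e3'],       // too long, not an integer
];

// SQL: bound parameters keep quotes in the data from changing the query.
$insert = $db->prepare('INSERT INTO users (name, age) VALUES (:name, :age)');
foreach ($samples as $raw) {
    [$clean, $errors] = validate_input($raw);
    if ($errors) {
        echo 'rejected: ', implode('; ', $errors), PHP_EOL;
        continue;
    }
    $insert->execute([':name' => $clean['name'], ':age' => $clean['age']]);
}

// Special characters: encode at output time, for the HTML context.
foreach ($db->query('SELECT name, age FROM users') as $row) {
    echo htmlentities($row['name'], ENT_QUOTES, 'UTF-8'), ' (', (int)$row['age'], ')', PHP_EOL;
}
```

The value is stored unmodified and encoded only when it is written into HTML, so the same row can be encoded differently for another output context.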