FUDforum: comp.lang.php » Sanitizing user input

Home » Imported messages » comp.lang.php » Sanitizing user input

Show: Today's Messages :: Polls :: Message Navigator

Re: Sanitizing user input [message #169753 is a reply to message #169745]

Fri, 24 September 2010 17:12

Michael Fesser
Messages: 215
Registered: September 2010

Karma:

Senior Member

.oO(MikeB)

> I was considering building this "mega-sanitizing routing" and simply run
> al luser input through it and apply every manner of sanitizing, but it
> seems I'll have to be more selective, since I don't know that I can
> reverse all the processes if need be.

Correct. There's no one-fits-all routine. Inside your application you
should always work with the real, raw data (which is why stripslashes()
might be required to remove automatically added slashes by Magic Quotes,
in PHP 6 it will become obsolete). And then always apply the appropriate
escaping functions, depending on where your data goes. Every context,
every output target requires another kind of escaping. In a DB query you
have to call another escaping function than for an HTML output, even if
it's the same data.

Micha

Report message to a moderator

[Message index]

		Sanitizing user input By: MikeB on Fri, 24 September 2010 05:42
		Re: Sanitizing user input By: Helmut Chang on Fri, 24 September 2010 07:59
		Re: Sanitizing user input By: MikeB on Fri, 24 September 2010 15:24
		Re: Sanitizing user input By: Web Dreamer on Tue, 28 September 2010 10:11
		Re: Sanitizing user input By: Jerry Stuckle on Tue, 28 September 2010 11:21
		Re: Sanitizing user input By: Web Dreamer on Tue, 28 September 2010 13:14
		Re: Sanitizing user input By: Jerry Stuckle on Tue, 28 September 2010 15:14
		Re: Sanitizing user input By: Michael Fesser on Tue, 28 September 2010 16:24
		Re: Sanitizing user input By: Jerry Stuckle on Tue, 28 September 2010 22:35
		Re: Sanitizing user input By: Web Dreamer on Wed, 29 September 2010 08:01
		Re: Sanitizing user input By: Jerry Stuckle on Wed, 29 September 2010 10:57
		Re: Sanitizing user input By: Web Dreamer on Wed, 29 September 2010 13:47
		Re: Sanitizing user input By: Jerry Stuckle on Wed, 29 September 2010 16:21
		Re: Sanitizing user input By: Web Dreamer on Thu, 30 September 2010 07:44
		Re: Sanitizing user input By: Jerry Stuckle on Thu, 30 September 2010 12:32
		Re: Sanitizing user input By: Web Dreamer on Thu, 30 September 2010 12:51
		Re: Sanitizing user input By: Web Dreamer on Tue, 28 September 2010 16:37
		Re: Sanitizing user input By: Jerry Stuckle on Tue, 28 September 2010 22:34
		Re: Sanitizing user input By: Web Dreamer on Wed, 29 September 2010 07:54
		Re: Sanitizing user input By: Web Dreamer on Wed, 29 September 2010 08:02
		Re: Sanitizing user input By: Jerry Stuckle on Wed, 29 September 2010 11:01
		Re: Sanitizing user input By: Web Dreamer on Wed, 29 September 2010 13:15
		Re: Sanitizing user input By: Jerry Stuckle on Wed, 29 September 2010 16:22
		Re: Sanitizing user input By: Web Dreamer on Thu, 30 September 2010 07:47
		Re: Sanitizing user input By: Jerry Stuckle on Thu, 30 September 2010 12:35
		Re: Sanitizing user input By: Web Dreamer on Thu, 30 September 2010 12:57
		Re: Sanitizing user input By: alvaro.NOSPAMTHANX on Fri, 24 September 2010 08:15
		Re: Sanitizing user input By: MikeB on Fri, 24 September 2010 15:06
		Re: Sanitizing user input By: Michael Fesser on Fri, 24 September 2010 17:12

Previous Topic:	how to write a wsdl for php webservice?
Next Topic:	ANNOUNCE - NHI1 / PLMK / libmsgque - Work-Package-II

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Wed Nov 27 11:12:35 GMT 2024

Total time taken to generate the page: 0.04150 seconds