Re: PHP/MySQL injection — PHP Programming Language

You are here: Re: PHP/MySQL injection « PHP Programming Language « IT news, forums, messages

Posted by Peter Chant on 11/12/12 11:22

Scott Auge wrote:

> This is what I use:
>
> http://amduus.com/phpezine/archive/Issue2.pdf
>
> http://amduus.com/phpezine/archive/issue2.zip

So, if I want to do something starting from scratch, I strip out HTML tags,
semi-colons and quotes I am killing off a fair amount of vandalism. This
would involve checking both form fields and stuff from the end of urls (I
can never remember the correct term of variables passed there).

Not crucial, as my application is only used by myself and is not publically
accessable, but it would be nice to have a bit of a go.

Suppose if I were expecting alpha numeric stuff (including hyphen) a regular
expression on [ 0-9a-zA-Z-]* would not be a bad place to start.

Pete

--
http://www.petezilla.co.uk

Navigation:

Next in forum: Two PHP Scripts on same page?
Prev in forum: Re: Newsgroup FAQs?
Thread view: Re: PHP/MySQL injection

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация