Re: PHP/MySQL injection

Posted by Peter Chant on 11/15/12 11:22

Scott Auge wrote:

> This is what I use:
>
> http://amduus.com/phpezine/archive/Issue2.pdf
>
> http://amduus.com/phpezine/archive/issue2.zip

So, if I want to do something starting from scratch and I strip out HTML tags,
semi-colons and quotes, I am killing off a fair amount of vandalism. This
would involve checking both form fields and stuff from the end of URLs (I
can never remember the correct term for variables passed there).

Not crucial, as my application is only used by myself and is not publicly
accessible, but it would be nice to have a bit of a go.

Suppose if I were expecting alphanumeric stuff (including hyphen) a regular
expression on [ 0-9a-zA-Z-]* would not be a bad place to start.

Pete

--
http://www.petezilla.co.uk
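
The allow-list check discussed in the post above, as an added example that is not part of the original message: it applies the post's character class to form or query-string values, anchored so the whole value must match. The function names, field names and sample values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Names and sample data are constructed.

// Character class from the post, anchored so the WHOLE value must match.
// \A and \z pin start and end; unlike $, \z does not accept a trailing newline.
const ALLOWED = '/\A[ 0-9a-zA-Z-]*\z/';
// Same class without anchors: * can match zero characters, so preg_match()
// reports a match for every input and the check filters nothing.
const UNANCHORED = '/[ 0-9a-zA-Z-]*/';

function is_allowed(string $value, int $maxLen = 64): bool
{
    return strlen($value) <= $maxLen && preg_match(ALLOWED, $value) === 1;
}

// Validates named fields from one input array ($_POST or $_GET in a real page).
// Returns [accepted values, names of rejected fields].
function check_fields(array $input, array $names): array
{
    $ok = [];
    $rejected = [];
    foreach ($names as $name) {
        $value = $input[$name] ?? '';
        // A query string such as ?tag[]=x arrives as an array, not a string.
        if (is_string($value) && is_allowed($value)) {
            $ok[$name] = $value;
        } else {
            $rejected[] = $name;
        }
    }
    return [$ok, $rejected];
}

// Constructed sample standing in for $_GET.
$sample = [
    'title'  => 'Spare-parts list 2012',
    'author' => "O'Brien; --",
    'tag'    => "abc\n",
    'ids'    => ['1', '2'],
];
[$ok, $rejected] = check_fields($sample, ['title', 'author', 'tag', 'ids']);
print_r($ok);        // values that passed the anchored allow-list
print_r($rejected);  // field names that failed it
var_dump(preg_match(UNANCHORED, "O'Brien; --") === 1);  // unanchored pattern result
```

Validation of this kind narrows what the application accepts; the accepted value should still reach MySQL as a bound parameter of a prepared statement (PDO or mysqli) rather than through string concatenation.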

 
