Re: [PHP] Preventing Cross Site Scripting Vulnerbilities — PHP

You are here: Re: [PHP] Preventing Cross Site Scripting Vulnerbilities « PHP « IT news, forums, messages

Posted by Jason Gerfen on 12/07/05 21:34

comex wrote:

>>Similarly is there a library function for escaping database content for
>>inclusion in HTML pages?
>>
>>
>http://php.net/htmlspecialchars
>http://php.net/htmlentities
>
>
>
Or roll your own and replace the eregi regex with data that is valid to
your application:

function chk_input( $string ) {
if( eregi( "^[0-9a-z_ -]$", $string ) ) {
return 0;
} else {
return 1;
}
}

if( chk_input( $string ) == 0 ) {
echo "valid";
} else {
echo "invalid";
}

--
Jason Gerfen

"Oh I have seen alot of what
the world can do, and its
breaking my heart in two..."
~ Wild World, Cat Stevens

Navigation:

Next in forum: Re: [PHP] Preventing Cross Site Scripting Vulnerbilities
Prev in forum: Re: [PHP] Preventing Cross Site Scripting Vulnerbilities
Thread view: Re: [PHP] Preventing Cross Site Scripting Vulnerbilities

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация