Reply to Re: [PHP] sanitizing get vars — PHP

Posted by Chris Shiflett on 06/02/05 22:54

Sebastian wrote:
> what is a safe way to clean a post/get before echoing it.

There are two steps that you're lumping into one. Sanitizing and
cleaning are informal terms for filtering, and this is an inspection
process where you inspect data to be sure that it's valid. You should do
this with any input, regardless of the source.

You need to escape data to prepare it for output. When you're sending
data to the client (echo), you want to use htmlentities(). If possible,
specify your character encoding (see http://php.net/htmlentities).

This talk covers these two steps in the first few slides:

http://brainbulb.com/talks/php-security-briefing.pdf (PDF)
http://brainbulb.com/talks/php-security-briefing.swf (Flash)

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация