Home » Imported messages » comp.lang.php » Sanitising input
Re: Sanitising input [message #172096 is a reply to message #172084] Sun, 30 January 2011 19:47
P E Schoen
Messages: 86
Registered: January 2011
Member
"Mad Hatter" wrote in message
news:1vh6rvby4n32n$.1rlvhdwm2g874$.dlg@40tude.net...

> I'm writing a simple script which will take a user's input, save it
> to a mysql database and then display it. I'm going to use
> htmlentities() to clean things up which I hope will stop basic
> attacks but how else should I sanitise my input?

I am using www.HTMLpurifier.org and it works quite well. It allows some HTML
and it actually fixes broken or misplaced tags. Here is how I sanitize my
CGI input:

<?php
$in = $_POST; // Get the CGI input variables
require_once 'C:/xampp/htdocs/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('Core.Encoding', 'UTF-8'); // replace with your encoding
$config->set('HTML.Doctype', 'XHTML 1.0 Transitional'); // replace with your doctype
$purifier = new HTMLPurifier($config);

// Log file for the raw/purified pairs; the original snippet never opened it,
// so this fopen() is an assumed addition matching the "Raw.htm" comment below
$fLog = fopen('Raw.htm', 'a');

foreach ($in as $key => $value) {
    // Write the raw and the purified value to Raw.htm
    fwrite($fLog, "Raw: $key -> $value\n");
    $pure_html = $purifier->purify($value);
    $in[$key] = $pure_html;
    fwrite($fLog, "Pure: $key -> $in[$key]\n");
}
fclose($fLog);

Paul
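Added example, not part of Paul's post or of HTMLPurifier's own code: it keeps his purify step for the rich-text field but pins it to an explicit allow-list, leaves plain-text fields unpurified and escapes them at output instead, and writes to the database with a prepared statement, which are the other two places the original question (save to MySQL, then display) needs handling. It assumes ezyang/htmlpurifier is installed via Composer and uses an in-memory SQLite PDO connection as a stand-in for MySQL; the sample input is constructed.

```php
<?php
// Added example, not code from the original post. Assumes ezyang/htmlpurifier
// is installed with Composer; the in-memory SQLite PDO stands in for MySQL.
require_once __DIR__ . '/vendor/autoload.php';

// Rich-text field: purify against an explicit allow-list so that only the
// markup the site wants survives; everything else is dropped.
function makePurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    $config->set('HTML.Allowed', 'p,br,b,i,a[href]');
    // Only these URL schemes are accepted in href; others are removed.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    return new HTMLPurifier($config);
}

// Plain-text field: stored as typed and escaped at the point of output.
function escapeForHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Database write: bound parameters keep the text out of the SQL itself.
function storePost(PDO $pdo, string $title, string $bodyHtml): int
{
    $stmt = $pdo->prepare('INSERT INTO posts (title, body) VALUES (:title, :body)');
    $stmt->execute([':title' => $title, ':body' => $bodyHtml]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample standing in for $_POST.
$in = [
    'title' => 'Tom & Jerry <3',
    'body'  => '<p>Hi <b>all</b><script>alert(1)</script>'
             . '<a href="javascript:void(0)" onclick="x()">link</a></p>',
];

$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$cleanBody = makePurifier()->purify($in['body']); // script, onclick and javascript: href are removed
$id = storePost($pdo, $in['title'], $cleanBody);

// On display the purified body is emitted as-is; the plain-text title is
// escaped here, in the HTML context it lands in.
$stmt = $pdo->prepare('SELECT title, body FROM posts WHERE id = :id');
$stmt->execute([':id' => $id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
echo '<h1>' . escapeForHtml($row['title']) . '</h1>' . PHP_EOL;
echo $row['body'] . PHP_EOL;
```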