FUDforum: comp.lang.php » Sanitising input

Home » Imported messages » comp.lang.php » Sanitising input

Show: Today's Messages :: Polls :: Message Navigator

Re: Sanitising input [message #172099 is a reply to message #172096]

Sun, 30 January 2011 19:55

Felix Saphir
Messages: 8
Registered: December 2010

Karma:

Junior Member

P E Schoen <paul(at)pstech-inc(dot)com> wrote:

> "Mad Hatter" wrote in message
> news:1vh6rvby4n32n$(dot)1rlvhdwm2g874$(dot)dlg(at)40tude(dot)net...
>
>> I'm writing a simple script which will take a users input, save
>> it to a mysql database and then display it. I'm going to use
>> htmlentities() to clean things up which I hope will stop basic
>> attacks but how else should I sanitise my input?
>
> I am using www.HTMLpurifier.org and it works quite well. It
> allows some HTML and it actually fixes broken or misplaced tags.
> Here is how I sanitize my CGI input:

Just to prevent misunderstandings: As Michael and Denis already
wrote, do NOT mistake HTML "cleanup" for sanitising user input.
It might be useful to use strip_tags() to remove unwanted HTML
from input, but that's not the same thing.

Felix

Report message to a moderator

[Message index]

		Sanitising input By: Mad Hatter on Sun, 30 January 2011 14:09
		Re: Sanitising input By: Michael Fesser on Sun, 30 January 2011 15:00
		Re: Sanitising input By: Denis McMahon on Sun, 30 January 2011 16:35
		Re: Sanitising input By: Norman Peelman on Mon, 31 January 2011 01:17
		Re: Sanitising input By: Captain Paralytic on Mon, 31 January 2011 11:51
		Re: Sanitising input By: Norman Peelman on Mon, 31 January 2011 23:39
		Re: Sanitising input By: Denis McMahon on Tue, 01 February 2011 00:53
		Re: Sanitising input By: Norman Peelman on Tue, 01 February 2011 11:26
		Re: Sanitising input By: Denis McMahon on Mon, 31 January 2011 12:05
		Re: Sanitising input By: P E Schoen on Sun, 30 January 2011 19:47
		Re: Sanitising input By: Felix Saphir on Sun, 30 January 2011 19:55
		Re: Sanitising input By: Ross McKay on Sun, 30 January 2011 21:39
		Re: Sanitising input By: Jerry Stuckle on Sun, 30 January 2011 21:50
		Re: Sanitising input By: Ross McKay on Mon, 31 January 2011 03:43
		Re: Sanitising input By: Jerry Stuckle on Mon, 31 January 2011 04:12
		Re: Sanitising input By: Ross McKay on Mon, 31 January 2011 05:01
		Re: Sanitising input By: Jerry Stuckle on Mon, 31 January 2011 05:10
		Re: Sanitising input By: Ross McKay on Mon, 31 January 2011 05:38
		Re: Sanitising input By: Jerry Stuckle on Mon, 31 January 2011 12:51
		Re: Sanitising input By: Sherm Pendley on Sun, 30 January 2011 22:18
		Re: Sanitising input By: Ross McKay on Mon, 31 January 2011 03:52
		Re: Sanitising input By: Sherm Pendley on Mon, 31 January 2011 05:23

Previous Topic:	Only SPAM!!!
Next Topic:	What tasks are hard for PHP?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Sep 20 13:26:36 GMT 2024

Total time taken to generate the page: 0.04060 seconds