FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » BB type posting - is this secure?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: BB type posting - is this secure? [message #176404 is a reply to message #176403] Sun, 01 January 2012 18:20 Go to previous messageGo to previous message
M. Strobel is currently offline  M. Strobel
Messages: 386
Registered: December 2011
Karma:
Senior Member
> so here is how you filter input data:
>
> 1. use filter_var or other method of removing any unwanted input (for
> example if you expect a number then filter out any other characters except
> 0123456789, easily done with filter_var)
> 2. use pdo / parametrized statements to insert data into database for
> additional security and to avoid sql injection
> 3. when displaying this data back on console use htmlentities to correcly
> print < > into &lt; &gt; etc.
>
> and that is all there is to it.

This is it: on input to script, on input to database, and on
output to browser. I might add to

1. use your own filter function on form input, in case you have
to adjust it. A length limit on input strings might be useful.

3. If you use Smarty (or the like) you do it in your template,
and don't clutter your code.

/Str.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Help with script that retrieve remote files
Next Topic: Give me the names of some CRM php projects
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 23 02:20:32 GMT 2024

Total time taken to generate the page: 0.03970 seconds