
Topic awaiting preservation: stop malicious Javascript w/PHP ? (Page 1 of 1)

 
norm
Paranoid (IV) Inmate

From: [s]underwater[/s] under-snow in Juneau
Insane since: Sep 2002

posted 01-31-2003 06:43

Well, I've got my little app up and running /* Thanks for the tips Butcher */ and now I just need to make sure no one can get cute by passing code through the form.
This is an online survey for I.T. students at my local college; I know that if the students don't try, the instructors will. So... does PHP have any nifty built-in functions to do this, or do I need to roll my own with regular expressions in my validation?

/* Sure, go ahead and code in your fancy IDE. Just remember: it's all fun and games until someone puts an $i out */

norm
Paranoid (IV) Inmate

From: [s]underwater[/s] under-snow in Juneau
Insane since: Sep 2002

posted 01-31-2003 07:35

Found it!!! Looks like "strip_tags()" should do the trick.

I thought I would post this in case any other inexperienced PHP coders (like me) might be looking for this functionality.

ya gotta love PHP.... it's got everything!

/* Sure, go ahead and code in your fancy IDE. Just remember: it's all fun and games until someone puts an $i out */

Emperor
Maniac (V) Mad Scientist with Finglongers

From: Cell 53, East Wing
Insane since: Jul 2001

posted 01-31-2003 13:01

norm: You might also want to look at other functions which process input, like:

htmlspecialchars()

htmlentities()

etc.

___________________
Emps

FAQs: Emperor
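
The two suggestions above address different problems, and it helps to see them side by side. The following is an added example, not code from anyone in this thread; the survey answers in it are constructed inputs. It shows that strip_tags() removes markup but does not make a string safe to place inside an HTML attribute, and that it silently drops the rest of a value after an unbalanced "<"; htmlspecialchars() applied at output time, in the context where the text is placed, is what actually stops a browser from running submitted script.

```php
<?php
// Added example (not from the thread): strip_tags() versus
// htmlspecialchars() on constructed survey answers.

$answers = [
    'plain'    => 'I liked the lab on sockets',
    'script'   => '<script>alert(1)</script>',
    'img'      => '<img src=x onerror=alert(1)>',
    // No "<tag>" here, so strip_tags() leaves it untouched; it only becomes
    // a problem if the value is later echoed inside a quoted attribute.
    'attr'     => '" onmouseover="alert(1)',
    // An unbalanced "<" is treated as the start of a tag: everything after
    // it is discarded, so a harmless answer is mangled.
    'truncate' => 'cost<100 but more than 50',
];

foreach ($answers as $label => $raw) {
    $stripped = strip_tags($raw);
    $encoded  = htmlspecialchars($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    printf("%-9s raw:      %s\n", $label, $raw);
    printf("%-9s stripped: %s\n", '', $stripped);
    printf("%-9s encoded:  %s\n\n", '', $encoded);
}

// Store the raw answer; encode when rendering, for the place it is rendered.
function render_in_cell(string $raw): string
{
    return '<td>' . htmlspecialchars($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</td>';
}

function render_in_attribute(string $raw): string
{
    // ENT_QUOTES encodes both ' and ", so the value cannot close the attribute.
    return '<input type="text" value="'
        . htmlspecialchars($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '">';
}

echo render_in_cell($answers['script']), "\n";
echo render_in_attribute($answers['attr']), "\n";
```

Run it with `php` on the command line and compare the "stripped" and "encoded" lines for the `attr` and `truncate` cases: the first shows strip_tags() passing an attribute-breaking payload through unchanged, the second shows it destroying legitimate data.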

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted 01-31-2003 18:05

Alright here's the deal with validating stuff.

Many people early on make the mistake of trying to use some form of regex parsing to remove what they don't want,

when most of the time the best (and frequently easiest) method is to look for what you do want.

In other words, if it's a name field then just do something like this:

/[a-zA-Z]+/ and pull out just the letters

or for zip codes and phone numbers
/[0-9]+/ just remove everything that's not a number

Combine this for addresses.

Web URLs can be tricky but the ideas still hold.



.:[ Never resist a perfect moment ]:.
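
Here is the allow-list approach from the post above worked through for a small survey form. This is an added example, not bitdamaged's or norm's code; the field names, patterns and the two submissions are assumptions made for illustration. It goes a step further than extracting the wanted characters: each field is anchored to a full-value pattern and a non-matching value is rejected and reported, so a tester who sends `<script>` in the name field sees a refusal rather than a silently altered answer. Note the character class is `[a-zA-Z]`: PCRE requires ranges to be ascending, so `[a-Z]` (`a` is 97, `Z` is 90) fails to compile.

```php
<?php
// Added example (not from the thread): allow-list validation of survey fields.
// Field names and patterns are assumptions for a hypothetical form.

// \z anchors at the true end of the string; $ would also match before a
// trailing newline, which is usually not what a validator wants.
$rules = [
    'name'   => "/^[a-zA-Z][a-zA-Z .'-]{0,49}\\z/",
    'zip'    => '/^[0-9]{5}(-[0-9]{4})?\z/',
    'phone'  => '/^[0-9]{10}\z/',   // digits only; separators removed first
    'rating' => '/^[1-5]\z/',
];

// Canonicalise before matching: trim, and for phone numbers drop the
// punctuation people legitimately type.
function normalise(string $field, string $value): string
{
    $value = trim($value);
    if ($field === 'phone') {
        $value = preg_replace('/[\s().-]/', '', $value);
    }
    return $value;
}

// Returns [clean, errors]. A failing field is reported, not repaired.
function validate(array $rules, array $input): array
{
    $clean  = [];
    $errors = [];
    foreach ($rules as $field => $pattern) {
        $raw = $input[$field] ?? '';
        if (!is_string($raw)) {          // name[]=... arrives as an array, not text
            $errors[$field] = 'not a string';
            continue;
        }
        $value = normalise($field, $raw);
        if (preg_match($pattern, $value) !== 1) {
            $errors[$field] = 'does not match allowed format';
            continue;
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

// Constructed submissions: one honest, one from a student being cute.
$good = ['name' => "Mary O'Neil", 'zip' => '99801',
         'phone' => '(907) 555-0123', 'rating' => '4'];
$bad  = ['name' => '<script>alert(1)</script>', 'zip' => "99801' OR '1'='1",
         'phone' => '555-0123', 'rating' => '9'];

foreach ([$good, $bad] as $submission) {
    [$clean, $errors] = validate($rules, $submission);
    echo json_encode(['clean' => $clean, 'errors' => $errors], JSON_PRETTY_PRINT), "\n";
}
```

The first submission comes back with all four fields in `clean` and no errors; the second fails every field, including the phone number, which normalises to only seven digits. Validation of this kind keeps bad input out of the database, but a value that passes (a name with an apostrophe, for instance) still needs htmlspecialchars() when it is echoed back to a page and a parameterised query when it is stored.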

Lurch
Paranoid (IV) Inmate

From: Behind the Wheel
Insane since: Jan 2002

posted 02-05-2003 08:45

Very good tip Bitdamaged


