#1
Junior Member
Join Date: Nov 2003
Posts: 1
Member #: 3980
    Ello all

I'm midway through a web project at the moment and I'm just having a few problems with what I should be doing with data that is entered by the user. The nature of the site will involve quite a lot of input which goes to a MySQL server, and I've heard about possible ways of entering data into HTML forms which will "break" the system, allowing the person who put the code in to run queries of their choice, or other damaging code.

I know a few ways to stop this happening...

The first is to limit the characters that can be input by the user, such as limiting to alphanumerics and a few symbols like -, ! etc. The problem with this is that it's too strict for places like forums where you should be allowed to post anything, even PHP code if someone needs support, so that is kind of out of the question.

The other way I know is by using htmlspecialchars, but I don't know to what extent this protects the system.

Could someone give me a few pointers as to what I should do. I'd like to not have to restrict anything, but to make sure that whatever gets sent to the SQL server or echoed through PHP is 100% safe and won't run any unauthorised code/queries.

    Many thanks for the help :bandit:


#2
Member Seraph
Join Date: Sep 2003
Posts: 81
Member #: 3090
It's actually very easy to prevent, VERY easy.
Just use this function on every single string:
htmlentities()
So to prevent hacking, just execute this function on every single piece of incoming data. If you would like a great example of data parsing for incoming data, I suggest you check out the functions "parse_incoming", "clean_key", and "clean_value" in the file functions.php in the Invision Board script. http://www.invisionboard.com/downloa...t=dl&s=1&id=11
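The two concerns raised in this thread (data going to the SQL server, and data being echoed back into a page) are two different consumers, and each one needs its own handling. The following is an added example, not code from either post or from the Invision Board functions mentioned above. It assumes the pdo_sqlite extension is available and uses an in-memory SQLite database to stand in for the MySQL server; the function names (openDatabase, savePost, findPostsByAuthor, h, renderPost) are the example's own. Database statements use PDO prepared statements, so the user's text is bound as a parameter and never parsed as SQL, which is what lets the forum accept apostrophes, quotes and pasted code without restricting them. HTML escaping is applied once, at output time, so the stored text is shown literally rather than rendered.

```php
<?php
// Added example: separate handling for the SQL layer (prepared statements)
// and the HTML layer (htmlspecialchars at output time).
// Assumptions: pdo_sqlite is installed; an in-memory SQLite database stands
// in for the MySQL server discussed in the thread.

declare(strict_types=1);

function openDatabase(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY AUTOINCREMENT, author TEXT NOT NULL, body TEXT NOT NULL)');
    return $db;
}

// Store a post. The SQL text is fixed; the user's values travel as bound
// parameters, so quotes or keywords inside them cannot alter the query.
function savePost(PDO $db, string $author, string $body): int
{
    $stmt = $db->prepare('INSERT INTO posts (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $db->lastInsertId();
}

// Reads follow the same rule: user data is never concatenated into the query.
function findPostsByAuthor(PDO $db, string $author): array
{
    $stmt = $db->prepare('SELECT id, author, body FROM posts WHERE author = :author ORDER BY id');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape for HTML only when building the page. ENT_QUOTES covers both quote
// styles so the value is also safe inside attribute values; the raw text is
// left untouched in the database.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderPost(array $post): string
{
    return '<div class="post"><b>' . h($post['author']) . '</b><pre>' . h($post['body']) . '</pre></div>';
}

// Constructed sample input: an author name with an apostrophe and a support
// question that quotes PHP code. Neither is rejected or altered before storage.
$db = openDatabase();
savePost($db, "O'Brien", "Why does <?php echo \"<b>hi</b>\"; print nothing? It's inside 'quotes'.");

foreach (findPostsByAuthor($db, "O'Brien") as $post) {
    echo renderPost($post), PHP_EOL;
}
```

Running this prints the post with the apostrophe in the author name preserved and the angle brackets and quotes of the pasted code turned into entities, so the browser displays the code as text. Applying htmlentities() to data on the way in, as the reply above suggests, addresses only the HTML side and changes what gets stored; keeping the raw text in the database and escaping per output context is what makes the SQL and HTML layers each safe on their own.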


Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.