alternative to die() function and echo?
delayedinsanity, 04-20-2008, 05:08 PM
There are a couple of things you're going to want to do when you accept a form, and a lot of resources for reading a variety of different ideas on how to get it done. I could post the methods I use to sanitize and then validate data when it comes in through a form, but honestly, when it comes to security, I think it's something where you really should fully understand what you are accomplishing; otherwise the opportunity for something to slip through is rather huge.
Generally the process takes at least a couple of steps:
1. Sanitize all incoming data. This is where you catch most XSS and SQL injection type vulnerabilities by cleaning your form data of any corrupt or malicious entries. Check out such functions as
. Also be sure to read up on magic_quotes_gpc when you get to that last one, as some servers mistakenly have this turned on, requiring you to do some extra coding in order to deal with it.
2. Validate incoming data to make sure you're getting the right kind. Again, there are various ways of doing this, such as using
, or completely writing your own from the ground up (though that usually requires some
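The two-step process the post describes (sanitize, then validate), carried through to storage and display, as an added example that is not code from the original post or its author. The function names the post links to are missing from the page, so the PHP functions used here (get_magic_quotes_gpc, stripslashes, filter_var, htmlspecialchars, PDO prepared statements) are this example's own choices, not necessarily the ones the poster had in mind. It also answers the thread title by returning error arrays instead of calling die(). Assumes PHP 5.2 or later with the PDO sqlite driver; the database and the form input are constructed in the script so it runs offline.

```php
<?php
// Added example, not from the original post. Assumes PHP >= 5.2 with PDO + sqlite.

// Step 1 (sanitize): undo magic_quotes_gpc if the server has it on, so the
// rest of the code sees the raw submitted values exactly once. The
// function_exists() guard keeps this running on PHP 8, where the function is gone.
function strip_magic_quotes(array $data) {
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        return $data;
    }
    foreach ($data as $key => $value) {
        $data[$key] = is_array($value) ? strip_magic_quotes($value) : stripslashes($value);
    }
    return $data;
}

// Step 2 (validate): check that each field is the right kind of value.
// Returns array($clean, $errors) instead of calling die(), so the caller
// decides how to report problems (re-show the form, log, etc.).
function validate_signup(array $input) {
    $errors = array();
    $clean  = array();

    $name = isset($input['name']) ? trim($input['name']) : '';
    // Whitelist: letters (any script), spaces, dots, apostrophes, hyphens; max 40 chars.
    if ($name === '' || strlen($name) > 40 || !preg_match('/^[\p{L} .\'-]+$/u', $name)) {
        $errors['name'] = 'Name must be 1-40 letters, spaces, dots, apostrophes or hyphens.';
    } else {
        $clean['name'] = $name;
    }

    $email = isset($input['email']) ? trim($input['email']) : '';
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'Please enter a valid e-mail address.';
    } else {
        $clean['email'] = $email;
    }

    $age = isset($input['age']) ? $input['age'] : '';
    $age = filter_var($age, FILTER_VALIDATE_INT,
                      array('options' => array('min_range' => 13, 'max_range' => 120)));
    if ($age === false) {
        $errors['age'] = 'Age must be a whole number between 13 and 120.';
    } else {
        $clean['age'] = $age;
    }

    return array($clean, $errors);
}

// Storage: a prepared statement keeps data and SQL separate, so SQL injection
// is handled by the driver rather than by hand-escaping quotes.
function save_signup(PDO $db, array $clean) {
    $stmt = $db->prepare('INSERT INTO signups (name, email, age) VALUES (:name, :email, :age)');
    $stmt->execute(array(':name' => $clean['name'], ':email' => $clean['email'], ':age' => $clean['age']));
    return (int) $db->lastInsertId();
}

// Display: escape at output time, so a value like O'Brien or <b> is rendered
// as text instead of being interpreted by the browser.
function render_signup(array $row) {
    return '<li>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8')
         . ' &lt;' . htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8') . '&gt;</li>';
}

// Demo run against a constructed in-memory database and constructed "form" input
// (the shape $_POST would have).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signups (id INTEGER PRIMARY KEY, name TEXT, email TEXT, age INTEGER)');

$samples = array(
    array('name' => "O'Brien", 'email' => 'ob@example.com', 'age' => '34'),                  // accepted
    array('name' => '<script>alert(1)</script>', 'email' => 'x@example.com', 'age' => '20'), // bad name
    array('name' => 'Eve', 'email' => "' OR 1=1 --", 'age' => 'abc'),                       // bad email, bad age
);

foreach ($samples as $raw) {
    list($clean, $errors) = validate_signup(strip_magic_quotes($raw));
    if ($errors) {
        print "Rejected: " . implode(' ', $errors) . "\n";
        continue;
    }
    $id   = save_signup($db, $clean);
    $stmt = $db->prepare('SELECT name, email FROM signups WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    print "Stored #$id: " . render_signup($stmt->fetch(PDO::FETCH_ASSOC)) . "\n";
}
```

The order matters: sanitizing (here, only undoing magic quotes) happens once at the boundary, validation rejects anything that is not the expected shape, and escaping is deferred to the point of use (prepared statement for SQL, htmlspecialchars for HTML) rather than done on the way in, since the correct escaping depends on where the value ends up.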