Quote:
Originally Posted by Aaron
I'm sorry, sanitize?
|
Sanitation is the process of removing characters/data from the user-supplied data that you do not want. It can also be known as filtering. However, the problem with either is that someone will always be able to evade your filters.
The best thing to do is validate your data (as others here have already mentioned). For example, for your input element
package, you should check the user-supplied data for that element and make sure it is of one of the two values you are expecting:
Standard Monthly,
Standard Yearly. If it isnt, then drop the data for that element.
PHP Code:
$aryPackage = array('Standard Monthly','Standard Yearly');
if(!in_array($_POST['package'],$aryPackage)){
//drop the value and/or display an error to the user
$_POST['package'] = '';
} else {
//continue on your way
}
You should follow a similar pattern for all the other incoming values as well. A person's name should be alpha characters, spaces, a hyphen, an apostrophe and MAYBE a digit. If the data contains anything beyond that, drop. Essentially, expect that the information that user is giving you is dangerous/tainted and can not be trusted. Paranoia, to a point, is a good thing when you are a programmer.
By the way, your site is currently vulnerable to XSS'ing through your
domain check
http://aetherdesigns.com/hosting/who...m&option=whois