Security: Forms and displaying invalid data

I have a form that takes user input, and was wondering what your thoughts are on redisplaying user input back on the page after validation has failed.

E.g. they have to enter a date in the format 'yyyy-mm-dd'
and they enter: <script>.....</script> etc. or anything for that matter.
Although that would probably be too long for the field, you get the idea.

How do other people out there tend to handle this? As it only affects the user that posts the data if anything is malicious.

Some options that I have come up with are:
1. Displaying previous data (or an empty field), for example if the user is editing something.
2. Just displaying exactly what they entered again on the screen.
3. Stripping out certain undesirable characters before displaying.


Thanks,

Rob

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
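
The three options listed in the post, side by side with strict validation of the 'yyyy-mm-dd' format and HTML encoding applied at output, as an added example that is not part of the original message. The function names, the `date` field name and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration: function names, field name and sample inputs are constructed.

// Accept only 'yyyy-mm-dd' that is also a real calendar date.
function is_valid_date(string $input): bool
{
    if (!preg_match('/\A(\d{4})-(\d{2})-(\d{2})\z/', $input, $m)) {
        return false;
    }
    return checkdate((int) $m[2], (int) $m[3], (int) $m[1]);
}

// Pick the value to put back in the field for options 1-3 of the post.
function value_to_redisplay(string $submitted, string $previous, int $option): string
{
    if (is_valid_date($submitted)) {
        return $submitted;
    }
    switch ($option) {
        case 1:  // previous data, or '' when there is none
            return $previous;
        case 3:  // strip everything a date cannot contain; this alters what was typed
            return preg_replace('/[^0-9-]/', '', $submitted) ?? '';
        default: // option 2: exactly what was entered
            return $submitted;
    }
}

// Whatever the option, the value is HTML-encoded when it is written out.
// ENT_QUOTES matters because the value lands inside a quoted attribute.
function render_date_field(string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="date" maxlength="10" value="' . $safe . '">';
}

$previous = '2009-01-15';                                            // constructed stored value
$samples  = ['2009-02-30', '12/31/2009', '<script>.....</script>'];  // constructed inputs

foreach ($samples as $submitted) {
    foreach ([1, 2, 3] as $option) {
        $html = render_date_field(value_to_redisplay($submitted, $previous, $option));
        echo "option $option: $html\n";
    }
}
```

Run from the command line with `php`, it prints the field markup each option produces for each invalid input.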

