Re: Preventing Cross Site Scripting Vulnerabilities

comex wrote:

> Similarly is there a library function for escaping database content for
> inclusion in HTML pages?

http://php.net/htmlspecialchars
http://php.net/htmlentities

Or roll your own and replace the eregi regex with data that is valid to your application:

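// preg_match() with the /i flag stands in for eregi(), which was removed in PHP 7.
// Returns 0 when every character is in the allowed set, 1 otherwise.
function chk_input( $string ) {
  // "+" requires one or more allowed characters; \z anchors at the true end of input.
  if( preg_match( '/^[0-9a-z_ -]+\z/i', $string ) ) {
    return 0;
  } else {
    return 1;
  }
}

$string = "user_name 01"; // sample value
if( chk_input( $string ) == 0 ) {
  echo "valid";
} else {
  echo "invalid";
}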

--
Jason Gerfen

"Oh I have seen a lot of what
the world can do, and it's
breaking my heart in two..."
~ Wild World, Cat Stevens

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
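
Added example, not part of the original post: the two approaches from the reply side by side, allow-list validation of a name and htmlspecialchars() encoding at output time. The helper names h() and is_simple_name() and the row contents are assumptions constructed for illustration.

```php
<?php
// Added example, not from the original post. Row contents are constructed.

// Encode for HTML element content and quoted attribute values.
// ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid
// UTF-8 with U+FFFD instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow-list check in the style of chk_input(): true when acceptable.
function is_simple_name(string $value): bool
{
    return preg_match('/^[0-9a-z_ -]+\z/i', $value) === 1;
}

// Constructed rows standing in for database content.
$rows = [
    ['name' => 'alice_01',        'comment' => 'Nice article'],
    ['name' => "O'Reilly & Sons", 'comment' => '<script>alert(1)</script>'],
    ['name' => 'bob',             'comment' => '" onmouseover="alert(1)'],
];

echo "<ul>\n";
foreach ($rows as $row) {
    // Validation answers "is this an acceptable name?" when data comes in.
    $status = is_simple_name($row['name']) ? 'valid' : 'invalid';
    // Encoding is applied to every value when it goes out, valid or not,
    // in both the attribute and the element content.
    printf(
        "  <li title=\"%s\">%s (%s): %s</li>\n",
        h($row['comment']),
        h($row['name']),
        $status,
        h($row['comment'])
    );
}
echo "</ul>\n";
```

The second row shows why the allow-list alone is not enough: a legitimate name fails validation, yet it still renders safely once encoded. htmlspecialchars() covers element content and quoted attribute values only; values placed inside script blocks, URLs or unquoted attributes need encoding suited to those contexts.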


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux