
RedMaster

  1. How can I allow functions to access session-wide or application-wide variable values without having to: A) Pass them as arguments each time the function(s) is executed B) Declare the requested values/variables global within each function that uses them. I'm trying to discover the best practice for this and I'm not sure either of the above are very efficient. Ha I kind of wish there was a way to declare all my application-wide values global in the beginning and allow functions to access them. Also, if I have an html template file which contains only html and application variables ($name, address, etc.) how can I read that file into being displayed in such a way that the html quotation marks will not require protective slashes to be included in the file itself and still have php do value replacement for the variables ($name, $address, etc.) found within the file prior to the echo or printr commands? Thanks for your time and assistance!
  2. Sweet, thanks MadTechie!! Your help is appreciated.
  3. Expression in question: $regexp1 = "^(([a-zA-Z\s]+([\s]?[\-]?[\s]?)?)+([a-zA-Z]*))+$"; So I picked up Regular Expression Editor (version 1.4.0.0) from Waterproof software and I made the above expression in it and tested it against the string below and it worked okay. However when dropping it into the function below it apparently returns false. I hate to make this a broad question but maybe you may see something I haven't yet. The purpose of this expression is to validate names which may contain spaces and/or hyphens but to not allow users to get carried away with excessive spaces or hyphens. I am very new to regular expression btw so no flames please. If you have any ideas I'd greatly appreciate it. String: cun lee pow-si- tu-do Function: function validateName($name){ $noodle1 = 0; $regexp1 = "^(([a-zA-Z\s]+([\s]?[\-]?[\s]?)?)+([a-zA-Z]*))+$"; if (eregi($regexp1, $name) == true) { $noodle1 = true; } else { $noodle1 = false; } return $noodle1; }
  4. You can do that, as well as strip_tags if you want to just remove them period. Really you won't run into too much of a problem if you use those two, though ideally regular expression checks are best. An address for example might be composed of the following: /^[A-Z0-9.\- ']+$/i So even though you said you have some complex fields, an address should not be one of them. Yeah see I was having problems building a regex for that field. I kept wanting to keep it flexible; i.e. let users include special characters such as #, and & in case they randomly wanted to. I'll try ur sample regex. Thanks.
  5. Could you provide an example as to how that's screwing up your script? I'm not saying it is, I'm just wanting to prevent it. The site this will be on may be subject to exploit attempts by random people looking to bring down the site in question.
  6. Well all that sounds fine for moving data into a database but what about the security of the script in general? Namely preventing users from being able to throw a bunch of weird characters into the text fields and causing the script to get choked on them. I've been using regular expressions to allow only certain characters in some fields (or else the data is thrown out). But it isn't going so smooth for my address data. Is there any one thing you'd recommend that I could employ to take care of potentially dangerous user-provided data?
  7. Could not find an edit function for my original post so this reply is the updated code I'm considering... function safe($string) { $v = strip_tags($string); return filter_var($v, FILTER_SANITIZE_STRING); }
  8. Hey ppl, I'm working on an application where security is very important. Not only to keep bad people from doing malicious things, but to also protect the database and the server from being broken due to an innocent mistake or something by an end user. I've got the input for the email and phone numbers covered. What I need to know right now is how to protect other more general form fields such as name, address, which I think need to be somewhat flexible in what characters they accept, from being used to cause the program to "break", execute arbitrary code, or perform some type of SQL Injection attack on the db. So I'm wondering what techniques would one recommend on guarding against exploitation in this area? Would simply requiring input to match general regular expressions do the trick? Would I need something that strips out all potential harmful characters? I wrote this small funct. for sanitizing the name and address fields but it seems too simple. Input appreciated! Thanks!! function safe($string) { return filter_var($string, FILTER_SANITIZE_STRING); }
  9. Well I mean I know how I can successfully write the code by hand but I'm asking for ideas of ways to use existing free applications to do the same thing(s)?
  10. Hi phpFreaks! I'm wondering if anyone here knows of any ideas of how to accomplish the following starting from a php application which is already freely available: - Allow people to register/create a profile - Allow those registered people to sign up for time slots to volunteer - Send those people reminder emails 1 day before they are to volunteer .. I think those are the most major features I can think of this right now. I am already trying to construct my own but knowing how much security I'll need to write into the application to keep the script kiddies at bay I'm not confident I want to partake in all of that just yet, I think there may be a way I can do this w/o having to write so much but I dunno how yet so I've come to ask here. Thank you for your time!!
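
Added example, not code from any of the posts above: one way to handle the name and address fields raised in the name-regex post and the form-input posts, using `preg_match` (the `ereg` family was removed in PHP 7, and its POSIX syntax has no `\s` class), PDO placeholders for the database, and `htmlspecialchars` on output. The `contacts` table, the function names and the sample inputs are assumptions made for illustration, and the script needs the `pdo_sqlite` extension.

```php
<?php
// Added example: function names, table and sample inputs are constructed.

// Letters separated by ONE space or ONE hyphen (hyphen may be space-padded).
// Every separator is non-empty and no quantifier is nested over the same
// characters, so a non-matching input cannot trigger runaway backtracking.
const NAME_RE = '/\A[a-z]+(?:(?: ?- ?| )[a-z]+)*\z/i';

function validateName(string $name): bool
{
    // Length cap first, then the allow-list pattern via PCRE (not ereg).
    return strlen($name) <= 100 && preg_match(NAME_RE, $name) === 1;
}

function saveContact(PDO $db, string $name, string $address): void
{
    // Placeholders keep user data out of the SQL text, so quotes, '#' or '&'
    // in an address are stored as plain data.
    $stmt = $db->prepare('INSERT INTO contacts (name, address) VALUES (:n, :a)');
    $stmt->execute([':n' => $name, ':a' => $address]);
}

function renderContact(string $name, string $address): string
{
    // Escape for the HTML context at output time instead of stripping input.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>' . $e($name) . ', ' . $e($address) . '</p>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (name TEXT, address TEXT)');

$samples = [
    ['cun lee pow-si- tu-do', "12 O'Neil Rd #4 & Annex"], // spaced and hyphenated name
    ['bad--name  here', '1 Main St'],                      // doubled separators
    ['ann lee', '<b>5 Elm St</b>'],                        // markup in the address
];
foreach ($samples as [$name, $address]) {
    if (!validateName($name)) {
        echo 'rejected: ', htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n";
        continue;
    }
    saveContact($db, $name, $address);
    echo 'stored: ', renderContact($name, $address), "\n";
}
echo $db->query('SELECT COUNT(*) FROM contacts')->fetchColumn(), " row(s) stored\n";
```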