Hey ppl,
I'm working on an application where security is very important. Not only to keep bad people from doing malicious things, but also to protect the database and the server from being broken due to an innocent mistake or something by an end user.
I've got the input for the email and phone numbers covered. What I need to know right now is how to protect other, more general form fields such as name and address, which I think need to be somewhat flexible in what characters they accept, from being used to cause the program to "break", execute arbitrary code, or perform some type of SQL injection attack on the db. So I'm wondering what techniques one would recommend for guarding against exploitation in this area?
Would simply requiring input to match general regular expressions do the trick?
Would I need something that strips out all potential harmful characters?
I wrote this small function for sanitizing the name and address fields, but it seems too simple. Input appreciated!
Thanks!!
function safe($string) {
    // FILTER_SANITIZE_STRING strips HTML tags and encodes quotes; note it is deprecated since PHP 8.1.
    return filter_var($string, FILTER_SANITIZE_STRING);
}
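Added example, not code from the original post: it separates the three controls that the question runs together. Validation with a permissive character class and a length limit decides what a name or address may contain; a prepared statement makes sure the value can never become part of the SQL, whatever it contains; output escaping handles the value when it is rendered in HTML. The table name `customers`, the sample inputs and the exact character class are assumptions; it assumes PHP 7.4+ with PDO's sqlite driver and the mbstring extension.

```php
<?php
// Added example, not from the original post. Assumes PHP 7.4+, PDO with the
// sqlite driver, and mbstring. Table "customers" and the inputs are made up.
declare(strict_types=1);

// Permissive check for free-form fields: Unicode letters (\p{L}), combining
// marks (\p{M}), digits (\p{N}), spaces and common address punctuation, with
// a length cap. Apostrophes and hyphens are allowed on purpose (O'Brien,
// Saint-Denis); they are harmless once the SQL is parameterised. Returns the
// trimmed value, or null if the input is rejected.
function validateFreeText(string $value, int $maxLen = 100): ?string
{
    $value = trim($value);
    if ($value === '' || mb_strlen($value, 'UTF-8') > $maxLen) {
        return null;
    }
    if (!preg_match('/^[\p{L}\p{M}\p{N} .,\'\-\/#&]+$/u', $value)) {
        return null;
    }
    return $value;
}

// The value is bound as a parameter, never concatenated into the query text,
// so the database driver treats it as data regardless of its contents.
function saveCustomer(PDO $db, string $name, string $address): int
{
    $stmt = $db->prepare('INSERT INTO customers (name, address) VALUES (:name, :address)');
    $stmt->execute([':name' => $name, ':address' => $address]);
    return (int) $db->lastInsertId();
}

// Escaping belongs at the output boundary: store the real value, encode it
// for the context (here HTML) only when rendering.
function renderCustomer(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT name, address FROM customers WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>' . $e($row['name']) . '<br>' . $e($row['address']) . '</p>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL, address TEXT NOT NULL)');

// Constructed inputs: a legitimate name with apostrophe and ampersand, a
// classic injection payload, and an HTML payload. The last two fail the
// character class; the first is accepted and rendered with its '&' and "'"
// encoded by htmlspecialchars.
$inputs = [
    ["Seán O'Brien & Sons", "12 Rue Saint-Denis, Apt #4"],
    ["Robert'); DROP TABLE customers;--", "nowhere"],
    ["<script>alert(1)</script>", "1 Main St"],
];
foreach ($inputs as [$name, $address]) {
    $n = validateFreeText($name);
    $a = validateFreeText($address);
    if ($n === null || $a === null) {
        echo "rejected by validation: $name\n";
        continue;
    }
    echo renderCustomer($db, saveCustomer($db, $n, $a)), "\n";
}

// Skip validation entirely to show that the prepared statement, not the
// regex, is what stops the injection: the payload is stored as a string,
// the table survives, and the value renders as escaped text.
$id = saveCustomer($db, "Robert'); DROP TABLE customers;--", "nowhere");
echo renderCustomer($db, $id), "\n";
echo 'rows still in customers: ', $db->query('SELECT COUNT(*) FROM customers')->fetchColumn(), "\n";
```

The character class is a starting point rather than a rule: tighten or loosen it per field, but keep the division of labour. A regex decides what a field means for your application; it is not the control that keeps the database safe, and it should not be asked to strip characters that a parameterised query already renders harmless.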