Cory94bailly Posted May 17, 2008

I just registered a name on my test website. The name was exactly this: /\.@!#$%&*()[]{} Could any of those variables possibly be a security risk? What characters should I disable for security?

Psycho Posted May 17, 2008

It would only be a security risk if the name isn't properly handled in every place it is used: Queries, HTML display, etc. As long as it is properly escaped for each particular situation, there is no risk.

phpzone Posted May 17, 2008

If proper use of mysql_real_escape_string (or equivalent for db in use), htmlspecialchars/htmlentities is adhered to, any characters are fine. If you're paranoid, only allow letters/numbers.

corbin Posted May 17, 2008

Those aren't technically variables. (Sorry, OCD moment.) Like mjdamato said, nothing poses a threat if handled correctly. Perhaps you should Google SQL injection.

Cory94bailly Posted May 17, 2008

Is this good? (It's a pic of me viewing my MySQL table in phpMyAdmin) Is it good if they show up like that? (So you know, it was all me testing..)

corbin Posted May 17, 2008

If all of that was safe, then it should be good.

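The per-context handling described in the replies above, as an added example that is not code posted by anyone in the thread: the name is bound as a query parameter for the SQL context, stored unchanged, and HTML-encoded only when displayed. It uses PDO prepared statements with an in-memory SQLite database in place of mysql_real_escape_string so it runs without a MySQL server; the pdo_sqlite extension, the table, the function names and the 32-character limit are assumptions.

```php
<?php
// Added example (not from the thread). Assumes the pdo_sqlite extension;
// the table name and helper function names are hypothetical.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE)');

// SQL context: the value is bound as a parameter, never concatenated into the query.
function register_user(PDO $db, string $name): void
{
    $stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

function find_user(PDO $db, string $name): ?string
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetchColumn();
    return $row === false ? null : $row;
}

// HTML context: encode at output time, not before storage.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Optional stricter policy from the thread: letters and digits only.
// The 32-character limit is an assumed value.
function is_alnum_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9]{1,32}\z/', $name) === 1;
}

// Constructed sample input: the name from the question, a quote, markup, a plain name.
$samples = ['/\.@!#$%&*()[]{}', "O'Reilly", '<b>bold</b>', 'Cory94'];

foreach ($samples as $name) {
    register_user($db, $name);
    $stored = find_user($db, $name);
    printf(
        "stored unchanged: %s | html: %s | alnum-only policy: %s\n",
        var_export($stored === $name, true),
        html($stored),
        is_alnum_name($name) ? 'accept' : 'reject'
    );
}
```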