
basic noob sanitation Q


abisai


I am really green and putting together a simple bit of code. I realize variables need to be sanitized, but I'm not sure it needs to be for this since the only PHP functions to call the variable are ISSET and ==.

 

if (isset($_POST["password"]) && ($_POST["password"]=="$X"))

... good stuff...

if (isset($_POST['password']) || $X == "")

...other stuff including html form to post the password...

 

I hope this makes sense and I put this in the correct place to ask. If not I apologize, just set me straight.

I am aware of security gaps in not trimming or sanitizing JavaScript/HTML code, but as a new learner I wanted to know if that is all necessary since the input is only checked to see if it exists and if it equals another variable. The input is not stored to a SQL table or echoed or anything like that. I'd rather learn I was wrong on a forum than publish this and experience the headaches of a real problem if I am missing something here. Assistance is greatly appreciated.


I'd consider this more of a standard PHP question than Regex so I'll move it when I'm done posting. Sanitization of data very much depends on the situations in which the data will be used. If you will never be outputting the data then you do not need to fear XSS attacks, for example. The fact that the data contains JavaScript is going to be irrelevant if that data will never be output. If all you are doing with a value is comparing it to something else then discarding it, you really don't need to worry about sanitation.
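
Added example, not part of either post above: with sanitization out of the picture, the remaining detail in the snippet is the comparison itself, since PHP's loose `==` compares numeric-looking strings as numbers and accepts non-string input. The sketch below (PHP 8+; `password_matches` is a hypothetical helper, `$expected` stands in for the post's `$X`, and the sample inputs are constructed) prints the loose result next to a string-only `hash_equals()` check.

```php
<?php
declare(strict_types=1);

// Added example. $expected stands in for the post's $X; the sample
// values further down are constructed for illustration.
function password_matches(mixed $submitted, string $expected): bool
{
    // A form field can arrive as an array (a field named "password[]"),
    // so accept strings only.
    if (!is_string($submitted)) {
        return false;
    }
    // Assumption: an empty $expected means "no password configured",
    // which must never count as a match.
    if ($expected === '') {
        return false;
    }
    // hash_equals() compares byte for byte, with no type juggling, in
    // time that does not depend on where the two strings differ.
    return hash_equals($expected, $submitted);
}

$expected = '1000';                                // constructed value
$samples  = ['1000', '1e3', ' 1000', ['1000'], null];

foreach ($samples as $submitted) {
    // Loose comparison, written the way the original snippet does it.
    $loose  = ($submitted == "$expected");
    $strict = password_matches($submitted, $expected);

    printf(
        "%-10s loose=%-5s strict=%s\n",
        json_encode($submitted),
        var_export($loose, true),
        var_export($strict, true)
    );
}
```

In the form handler this would replace the `==` test, for example `password_matches($_POST['password'] ?? null, $X)`.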
