BLaZuRE, posted November 25, 2010:

I'm researching ways that my server can be vulnerable. So far, I've strongly relied on regex to sanitize anything susceptible to user input/manipulation. Should I be trying other methods? Should I be changing input to HTML entities, even though they're bypassed with regex? Any recommendations on other methods to secure my server besides securing user input?
btherl, posted November 25, 2010:

It really depends on where the data is going. If it's going to a database, follow that database's rules for sanitizing (e.g. mysql_real_escape_string() or prepared statements). If it's going to an HTML page, use HTML entities. If it has a restricted range or character set (such as an integer, or an email address), then regex is appropriate for checking and/or enforcing that range.
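The three sinks btherl describes, worked through as an added example that is not code from this thread: Python's sqlite3 parameter binding stands in for the PHP prepared statements named above, the users table is a constructed in-memory stand-in, and the unsafe query is included only to show why escaping for the wrong sink is not enough.

```python
import html
import re
import sqlite3

# Restricted-shape inputs: regex is the right tool here, and the rule is
# reject-on-mismatch rather than "clean up" the value.
INT_RE = re.compile(r"^[0-9]{1,9}$")
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")  # simplified shape


def make_db():
    """Constructed in-memory database standing in for the server's real one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "alice@example.com"), (2, "bob", "bob@example.com")])
    return conn


def parse_int(raw):
    """Returns the integer, or None meaning 'reject this request'."""
    return int(raw) if INT_RE.match(raw) else None


def parse_email(raw):
    """Returns the address unchanged if it has the expected shape, else None."""
    return raw if EMAIL_RE.match(raw) else None


def find_user_unsafe(conn, name):
    """The pattern the question worries about: SQL text assembled from input."""
    rows = conn.execute("SELECT id FROM users WHERE name = '%s'" % name).fetchall()
    return [r[0] for r in rows]


def find_user(conn, name):
    """Database sink: the driver binds the value, so it is never parsed as SQL."""
    rows = conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()
    return [r[0] for r in rows]


def render_greeting(name):
    """HTML sink: encode at output time so markup in the value is displayed, not run."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)
```

Note that the same value may pass through more than one sink; each sink gets its own encoding at the point of use, and the regex validation up front does not replace either.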