BLaZuRE (posted November 25, 2010)

I'm researching ways that my server can be vulnerable. So far, I've strongly relied on regex to sanitize anything susceptible to user input/manipulation. Should I be trying other methods? Should I be changing input to HTML entities, even though they're bypassed with regex? Any recommendations on other methods to secure my server besides securing user input?
btherl (posted November 25, 2010)

It really depends on where the data is going. If it's going to a database, follow that database's rules for sanitizing (e.g. mysql_real_escape_string() or prepared statements). If it's going to an HTML page, use HTML entities. If it has a restricted range or character set (such as an integer, or an email address), then regex is appropriate for checking and/or enforcing that range.
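The three destinations btherl lists, worked through in PHP as an added example (not code from either poster): validation for a restricted range, encoding at HTML output time, and a bound parameter for the database. It assumes PHP 7 or later with PDO and the pdo_sqlite extension; the users table and all input values are constructed for the demo.

```php
<?php
// Added example: one untrusted string, handled according to where it goes.
// Assumes PHP 7+ with PDO and pdo_sqlite; table and inputs are constructed.
declare(strict_types=1);

// 1. Restricted range or character set: enforce the type, reject anything else.
//    Returns null to signal "reject the request", never a cleaned-up guess.
function validate_user_id(string $raw): ?int {
    // Digits only, bounded length, no sign or whitespace.
    return preg_match('/^\d{1,10}$/', $raw) === 1 ? (int)$raw : null;
}

function validate_email(string $raw): ?string {
    // filter_var applies PHP's built-in RFC-based e-mail syntax check.
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// 2. Going to an HTML page: encode when writing it out, with quotes included
//    so the value is also safe inside attribute values.
function html_escape(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// 3. Going to the database: bind the value as a parameter. The driver sends
//    it separately from the SQL text, so quotes in the data are just data.
function find_user_by_email(PDO $db, string $email): ?array {
    $stmt = $db->prepare('SELECT id, email, display_name FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- constructed demo ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, display_name TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'o''brien@example.com', 'Tom <b>O''Brien</b> & co')");

// A legitimate address containing a single quote: it passes validation and the
// bound parameter matches it without any manual escaping.
$email = validate_email("o'brien@example.com");
$row   = $email === null ? null : find_user_by_email($db, $email);
if ($row !== null) {
    echo '<p>' . html_escape($row['display_name']) . "</p>\n";
}

// A value that fails the integer rule is rejected before it reaches any query.
var_dump(validate_user_id('42'), validate_user_id('42 OR 1'));
```

Each layer does one job: validation decides whether the request is even acceptable, and the two encoders protect whichever sink the data actually reaches.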