I found this site while searching Google for my security questions.
One of the biggest problems in web programming is security. There are lots of "to-dos", but sometimes we can miss the simple points.
I am working on a link manager project which will be usable by the public.
I decided to implement the "limit the allowed characters" method for protection. For example:
I am using
$string = eregi_replace('[^a-zA-Z0-9]','',$string); return $string;
for parsing and cleaning user inputs.
But the problem is parsing and inserting the user-provided URLs into the db ...
How should I handle user URLs?
I am redirecting users with this frame setup:
<frame name="main" src="<?=$url;?>" scrolling="auto">
Any ideas?
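
An added example, not part of the original post: an alphanumeric-only filter cannot be applied to URLs, so one common approach is to allow-list the scheme when the link is submitted and HTML-escape the value when it is written into the frame's `src` attribute. The function names `clean_link_url` and `attr` are hypothetical, the sample inputs are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: validate a user-supplied URL before storing it, and escape it
// when writing it into the frame tag. Function names are hypothetical.

/** Return the trimmed URL if it is an absolute http/https URL, otherwise null. */
function clean_link_url(string $input): ?string
{
    $url = trim($input);
    // Reject empty input, whitespace and control characters
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    // Syntax check only; it does not restrict which scheme is used
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // Allow-list the scheme and require a host
    $parts = parse_url($url);
    if (!is_array($parts) || empty($parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

/** Escape a value for an HTML attribute so quotes cannot close src="...". */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs
$samples = [
    'https://example.com/page?id=1&sort=asc',
    'javascript:alert(1)',
    'http://example.com/?q="x',
    'example.com',
];
foreach ($samples as $s) {
    $url = clean_link_url($s);
    // Output is escaped whether or not validation was strict enough
    echo $url === null
        ? "rejected\n"
        : '<frame name="main" src="' . attr($url) . '" scrolling="auto">' . "\n";
}
```

Store only the value returned by `clean_link_url`, and escape again at output time, since validation and output encoding protect against different mistakes.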