Validating user input

Dev Shed Forums Sponsor:

February 4th, 2000, 12:30 PM

tskou

Junior Member

Join Date: Feb 2000

Posts: 8

Time spent in forums: < 1 sec
Reputation Power: 0

Hi.

I'm currently writing an php application (a bullitin board type thing) where users can enter different input via <input type=text> and <textarea>.
After they have submitted their input others will be able to see it.

At this time the user input is validated by the functions "StripSlashes" and "escaspeshellcmd".

My questions is: what other security precautions (so that users cannot enter dangerous commands which could list directories, execute programs, etc.) should I consider before I let users enter and view their input on my pages where php, cgi and ssi is enabled.
The pages are running on Unix/Apache 1.3.6

Tom

February 6th, 2000, 01:27 PM

scollo

Contributing User

Join Date: Apr 1999

Posts: 114

Time spent in forums: 42 m 44 sec
Reputation Power: 15

Hi Tom,

For incoming data, the functions to look at (depending on your needs) are:
addslashes(), trim()

For sending user-created data back to the browser, you should look at:
nl2br(), stripslashes(), htmlspecialchars(), and htmlentities

Also look into magic quotes. This can be a big time saver.

Oh, I forgot quotemeta().

I hope I haven't left any out.

-- Christopher

Viewing: Dev Shed Forums > Programming Languages > PHP Development > Validating user input

« Previous Thread | Next Thread »

Developer Shed Advertisers and Affiliates

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox

Forum Jump