#1
Junior Member, joined Feb 2000
Hi.

I'm currently writing a PHP application (a bulletin board type thing) where users can enter different input via <input type=text> and <textarea>.
After they have submitted their input, others will be able to see it.

At this time the user input is validated by the functions "stripslashes" and "escapeshellcmd".

My question is: what other security precautions (so that users cannot enter dangerous commands which could list directories, execute programs, etc.) should I consider before I let users enter and view their input on my pages where PHP, CGI and SSI are enabled?
The pages are running on Unix/Apache 1.3.6.

Tom
#2
Contributing User, joined Apr 1999
Hi Tom,

For incoming data, the functions to look at (depending on your needs) are:
addslashes(), trim()

For sending user-created data back to the browser, you should look at:
nl2br(), stripslashes(), htmlspecialchars(), and htmlentities()

Also look into magic quotes. This can be a big time saver.

Oh, I forgot quotemeta().

I hope I haven't left any out.

-- Christopher
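As an added example (not from either poster), here is how the output-side functions named in the reply fit together for a bulletin-board post rendered into an HTML page; the helper name `render_post_body` and the sample post are assumptions. It also notes, in comments, which of the functions from the question apply to which context.

```php
<?php
// Added example, not code from the thread. Principle: keep the poster's
// text unchanged in storage and escape it for the context it is emitted into.

// Escape for an HTML context. htmlspecialchars() turns < > & " ' into
// entities, so markup typed by a poster is shown literally instead of being
// interpreted by the browser. Because '<' is encoded, a server-parsed (SSI)
// page cannot see a poster's text as an SSI directive either.
function render_post_body(string $raw): string
{
    $escaped = htmlspecialchars($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // nl2br() runs after escaping so the only <br /> tags in the result are
    // the ones this function adds, never ones supplied by the poster.
    return nl2br($escaped);
}

// Constructed sample post containing HTML, a script tag and a shell-looking
// string, to show that all of it comes out as inert text.
$sample = "Hello <b>all</b>\n<script>alert('x')</script>\n`ls -la`; rm -rf /";

echo render_post_body($sample), PHP_EOL;

// Context notes on the functions mentioned in the thread:
// - escapeshellcmd()/escapeshellarg() only matter when a string is handed to
//   a shell (exec(), system(), backticks). They give no protection for text
//   that is written into an HTML page.
// - addslashes()/stripslashes() and quotemeta() deal with quoting inside
//   string literals; they are neither an HTML nor a shell defence.
// - htmlentities() is the broader sibling of htmlspecialchars(); for UTF-8
//   pages htmlspecialchars() with ENT_QUOTES is the usual choice.
```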
