[Owasp-delhi] Need Code for sanitizing inputs in PHP
gunwant.s at gmail.com
Mon Aug 3 12:42:13 EDT 2009
OK, if you are looking for a piece of cake, then I would suggest that you
"include" functions in your code that have already been built by experts for
input/output validation prior to being included in the PHP distributions.
You would not be able to find any built-in security input/output validation
functions in standard PHP distributions as yet.
Instead you can download and include functions in your code like the famous
"field_validator" function available here:
http://www.osix.net/modules/article/?id=218. By doing this you will still
be using regexes, but you do not have to include regexes on each field. You
will use the function call instead.
Hope that helps. Let me know if there is anything else you want to cognize.
On Mon, Aug 3, 2009 at 10:11 AM, Abhishek Kumar <abhishek.luck at gmail.com> wrote:
> Hi list,
> I do have an idea about regular expressions and their usage in preventing
> XSS and SQL injection.
> But the thing is, I want a function which is already written in a
> compact manner
> so that it tackles all XSS and SQL injection problems.
> As a newbie perhaps I would miss some conditions/"malicious strings".
> On Fri, Jul 31, 2009 at 10:58 PM, Gunwant Singh <gunwant.s at gmail.com>
> > Do you have any idea on 'Regular Expressions'?
> > On Wed, Jul 29, 2009 at 8:13 PM, Abhishek Kumar <abhishek.luck at gmail.com
> > wrote:
> >> Hi list,
> >> I am looking for code for sanitizing each and every input for SQL
> >> injection
> >> and XSS in PHP.
> >> I need a function, say sanitize(<input>), where <input> would be a
> >> value which the user is supplying in
> >> the web page.
> >> This sanitize function should return the sanitized value after
> >> removing all possible SQL injection
> >> and XSS strings.
> >> Another way could be: sanitize(input) should return true (if no
> >> malicious string is found) or false (if some malicious string is found).
> >> Any help is appreciated.
> >> Regards,
> >> abhi
> > --
> > Gunwant Singh
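
The "one function call per field" approach discussed in this thread, as an added example that is not part of the original messages and is not the osix.net field_validator code. The names FIELD_RULES, MAX_BYTES, validate_field() and html_out() and the three field rules are assumptions chosen for illustration; it returns true/false per field, the second variant the question asks about.

```php
<?php
// Added example: central allow-list validation, one call per field.
// FIELD_RULES, validate_field() and html_out() are hypothetical names.

const MAX_BYTES = 256; // cheap upper bound before any regex runs

// \A ... \z anchor the whole value; "$" would also accept a trailing newline.
const FIELD_RULES = [
    'username' => '/\A[A-Za-z0-9_]{3,32}\z/',
    'integer'  => '/\A[0-9]{1,10}\z/',
    'name'     => '/\A\p{L}[\p{L} .\'-]{0,63}\z/u',
];

function validate_field($value, string $type): bool
{
    if (!array_key_exists($type, FIELD_RULES)) {
        throw new InvalidArgumentException("unknown field type: $type");
    }
    // Request parameters can arrive as arrays (?id[]=1); accept strings only.
    if (!is_string($value) || strlen($value) > MAX_BYTES) {
        return false;
    }
    // preg_match() gives 1, 0, or false on error (e.g. invalid UTF-8 under /u).
    return preg_match(FIELD_RULES[$type], $value) === 1;
}

// Validation does not replace output encoding: a valid name such as
// O'Brien still contains a quote, so encode when writing into HTML.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    ['username', 'abhi_2009'],
    ['username', "abhi_2009\n"],
    ['integer',  '1 OR 1=1'],
    ['integer',  ['1']],
    ['name',     "O'Brien"],
    ['name',     '<script>alert(1)</script>'],
];
foreach ($samples as [$type, $value]) {
    $verdict = validate_field($value, $type) ? 'accept' : 'reject';
    printf("%-8s %-30s %s\n", $type, json_encode($value), $verdict);
}
echo html_out("O'Brien"), "\n";
```

Values that pass validation still go into SQL through bound parameters rather than string concatenation, since a valid name like O'Brien contains a quote.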