[GLLUG] Programming Project
Peter Smith
psmith.gllug at gmail.com
Tue May 13 21:59:59 EDT 2008
Charles Ulrich wrote:
> While we're on the topic of programming, I have a general question for
> any PHP coders out there... how do _you_ deal with input sanitation?
>
Don't let users type in data. :)
> Is there a class or something that makes this straightforward...
>
http://www.w3schools.com/PHP/php_filter.asp (since 5.1, I believe)
Functions and Filters
To filter a variable, use one of the following filter functions:
* filter_var() - Filters a single variable with a specified filter
* filter_var_array() - Filter several variables with the same or
different filters
* filter_input - Get one input variable and filter it
* filter_input_array - Get several input variables and filter them
with the same or different filters
> ... or do
> you really have to carefully scrutinize every variable and SQL query
> because an automated process can never cover every contingency?
Well, of COURSE you do. http://xkcd.com/327/
-- Peter Smith
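
[Added example, not part of the original message or of the linked tutorial.] A sketch of how filter_var_array() and per-query care fit together: the filters check type and format, and the query binds every value as a parameter. Assumes PHP 7.1+ with the pdo_sqlite extension; the field names, table and sample rows are constructed for illustration.

```php
<?php
// Added example: validate with the filter extension, then bind parameters.
// Field names, the table and the sample rows are constructed.

function validate_student(array $raw): ?array
{
    $spec = [
        // Free text: no filter makes this "SQL safe"; it is bound below.
        'name'  => FILTER_UNSAFE_RAW,
        'email' => FILTER_VALIDATE_EMAIL,
        'age'   => ['filter'  => FILTER_VALIDATE_INT,
                    'options' => ['min_range' => 0, 'max_range' => 150]],
    ];
    $clean = filter_var_array($raw, $spec);
    foreach ($clean as $value) {
        // false = failed validation, null = field missing.
        // Compare strictly: a valid age of 0 is falsy but acceptable.
        if ($value === false || $value === null) {
            return null;
        }
    }
    if ($clean['name'] === '' || strlen($clean['name']) > 64) {
        return null;
    }
    return $clean;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE students (name TEXT, email TEXT, age INTEGER)');

// Constructed input standing in for $_POST; the first name is the one
// from the comic linked in the message.
$samples = [
    ['name' => "Robert'); DROP TABLE students;--",
     'email' => 'bobby@example.com', 'age' => '9'],
    ['name' => 'Alice', 'email' => 'not-an-address', 'age' => '12'],
    ['name' => 'Zed', 'email' => 'zed@example.com', 'age' => '0'],
];

// Placeholders keep data out of the SQL text, whatever the name contains.
$stmt = $db->prepare(
    'INSERT INTO students (name, email, age) VALUES (:name, :email, :age)');
foreach ($samples as $raw) {
    $row = validate_student($raw);
    if ($row === null) {
        echo "rejected: {$raw['name']}\n";
        continue;
    }
    $stmt->execute([':name' => $row['name'], ':email' => $row['email'],
                    ':age' => $row['age']]);
}
echo $db->query('SELECT COUNT(*) FROM students')->fetchColumn(), " rows stored\n";
```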