  1. #1
    SitePoint Zealot
    Join Date
    Sep 2000
    Location
    Seattle, WA area
    Posts
    104
    Hi everybody!

    On a script I'm currently writing, I will be accepting user input and then using that to mail the user their password and their username (the stuff that they just entered). What types of checks should I do on the data? I'm already stripping slashes and stripping HTML tags. Is there anything else I should do?

    Note - This data will also be entered in a database.

    Thanks.

  2. #2
    AdSpeed.com Son Nguyen's Avatar
    Join Date
    Aug 2000
    Location
    Silicon Valley
    Posts
    2,241
    So what do you expect from the input?
    Only accept what you expect, nothing else; better to be a bit unfriendly about every single mistake than sorry.
    - Son Nguyen
    AdSpeed.com - Ad Serving and Ad Management Made Easy

  3. #3
    SitePoint Zealot
    Join Date
    Sep 2000
    Location
    Seattle, WA area
    Posts
    104
    Well, I'm basically taking whatever user name they want, so it's not like I can only allow numbers or anything like that.

  4. #4
    SitePoint Zealot cokeman's Avatar
    Join Date
    Dec 2000
    Location
    So. California
    Posts
    173
    On the HTML side of things, you could restrict the length of the input fields for the login/password -- this somewhat minimizes the damage they can do (say 8 chars instead of unlimited). You could specify that they can use alpha and numeric chars and maybe the underscore and you can use pattern matching to make sure that's what it is.

    For larger text fields, you could do the following:
    Code:
    // undo the backslash escaping on double quotes (magic_quotes style)
    $msg=str_replace("\\\"","\"",$msg);
    // escape the HTML-significant characters
    $msg=str_replace("<","&lt;",$msg);
    $msg=str_replace(">","&gt;",$msg);
    $quot="\"";
    $msg=str_replace($quot,"&quot;",$msg);
    // convert newlines to <br> after escaping so the inserted tags survive
    $msg=nl2br($msg);

  5. #5
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    cokeman, you know there is a PHP function to do all of what you did in one line.

    $msg = nl2br(htmlspecialchars(stripslashes($msg)));
    Please don't PM me with questions.
    Use the forums, that is what they are here for.
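
    The two ideas the thread arrives at, a whitelist check on the username (post #4) and the unescape-then-escape-then-nl2br treatment of free text (post #5), written out as an added example that is not code from the thread or from any of the posters. The function names, the 8-character limit and the sample inputs are my own assumptions and constructions.

```php
<?php
// Added example (not from the thread): whitelist validation for a
// username, plus HTML-safe preparation of a free-text field in the
// order the thread settles on: unescape -> escape -> nl2br.

// Validate a username the way post #4 suggests: letters, digits and
// underscore only, with an explicit length limit (8 is an assumed value).
function validate_username(string $name, int $maxLen = 8): bool
{
    // Anchored pattern: the whole string must match, not just a part of it.
    return preg_match('/^[A-Za-z0-9_]{1,' . $maxLen . '}$/', $name) === 1;
}

// Prepare a free-text field for HTML output (post #5's one-liner, with
// nl2br applied last so the <br /> it inserts is not escaped itself).
function text_to_html(string $msg, bool $magicQuotes = false): string
{
    if ($magicQuotes) {
        // Only undo the escaping if the input actually arrived slash-escaped
        // (magic_quotes_gpc era); stripping slashes from clean input would
        // silently eat backslashes the user typed.
        $msg = stripslashes($msg);
    }
    $safe = htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
    return nl2br($safe);
}

// Constructed sample usernames (not from the thread) => expected verdict.
$samples = [
    'alice_01'        => true,
    'bob smith'       => false,   // space is not in the allowed set
    "o'brien"         => false,   // apostrophe is not in the allowed set
    'toolongusername' => false,   // exceeds the 8-character limit
    ''                => false,   // empty string rejected by {1,n}
];

foreach ($samples as $name => $expected) {
    $ok = validate_username($name);
    printf("%-20s %s\n", var_export($name, true), $ok === $expected ? 'ok' : 'MISMATCH');
}

// Constructed free-text input as it would arrive with magic_quotes on:
// the user's double quotes have been backslash-escaped.
$raw = "Line one <b>bold</b>\nHe said \\\"hi\\\"";
echo text_to_html($raw, true), "\n";
```

    Run it with `php example.php`; every sample should print `ok`, and the free-text line comes out with `<b>` escaped, the quotes as `&quot;`, and a `<br />` inserted before the line break. Note that `htmlspecialchars` only makes the value safe to put into an HTML page (the mail or a web view); it does nothing for the database insert the first post mentions, which needs its own handling (parameterised queries, or at minimum the database driver's escaping function).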

  6. #6
    SitePoint Zealot cokeman's Avatar
    Join Date
    Dec 2000
    Location
    So. California
    Posts
    173
    doh! I knew there had to be an easier way to do it!
