Re: PHP variable sanitization functions
From: Ulf Harnhammar (metauroperamail.com)
Date: Tue Aug 26 2003 - 06:23:39 CDT
Hello, putting together those functions was a nice initiative!
Some more things to change:
* You should also check the length of strings. Being able to send in thousands of characters from an allowed set of characters could lead to buffer overflows, if a web application passes data over to C/C++ programs. It's best to disallow strings that are too long.
* In some situations, numeric values must be (a) numeric (eh) and (b) in a certain range, to avoid huge iframes (which completely overload my machine when using Galeon or Mozilla) or problems with widths that are zero or negative.
Something like this (warning! untested code!) might be useful:
function sane_integer($val, $min, $max)
{
    if (!preg_match('/^-?[0-9]+$/', $val)) return false; // digits only, optional leading minus
    if (($val < $min) or ($val > $max)) return false;   // must lie within [$min, $max]
    return (int) $val; // sanitized value (test with === since 0 is a valid result)
}
// Ulf Harnhammar
kses - PHP HTML/XHTML filter
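Both points from the post, a length-bounded string check and a range-checked integer, worked through as an added example. This is not code from the original post or from kses; the function names sane_string and sane_integer, the allowed character class, the length and width limits, and the sample requests are all constructed for illustration.

```php
<?php
// Added example (not part of the original post). Names, limits and sample
// values below are constructed for illustration.

// Accept only strings drawn from an allowed character class AND bounded in length.
// A pattern-only check would still let thousands of "allowed" characters through,
// which is what the post warns can overflow buffers in downstream C/C++ programs.
function sane_string($val, $max_len, $pattern = '/^[A-Za-z0-9_\-\. ]*$/')
{
    if (!is_string($val)) {
        return false;
    }
    // Byte length, not character count: a C buffer is sized in bytes.
    if (strlen($val) > $max_len) {
        return false;
    }
    if (!preg_match($pattern, $val)) {
        return false;
    }
    return $val;
}

// Accept only decimal integers (optional leading minus) that lie within [$min, $max].
// Returns the value as an int, or false. Compare with === so a legitimate 0 is not
// mistaken for a rejection.
function sane_integer($val, $min, $max)
{
    if (!is_string($val) && !is_int($val)) {
        return false;
    }
    if (!preg_match('/^-?[0-9]+$/', (string) $val)) {
        return false;
    }
    // Casting an over-long digit string saturates at PHP_INT_MAX, so reject values
    // outside the int range as floats first; otherwise a range check whose $max is
    // PHP_INT_MAX could be fooled. Values within range are then compared as ints.
    if (abs((float) $val) > PHP_INT_MAX) {
        return false;
    }
    $n = (int) $val;
    if ($n < $min || $n > $max) {
        return false;
    }
    return $n;
}

// Constructed sample requests, standing in for $_GET / $_POST.
$requests = array(
    array('name' => 'report_2003', 'width' => '640'),                     // accepted
    array('name' => str_repeat('A', 5000), 'width' => '640'),            // allowed chars, absurd length
    array('name' => 'report', 'width' => '99999999'),                     // numeric, but a huge iframe
    array('name' => 'report', 'width' => '-1'),                           // numeric, negative width
    array('name' => 'report', 'width' => '640; DROP'),                    // not numeric at all
    array('name' => 'report', 'width' => '99999999999999999999999'),      // does not fit in an int
);

foreach ($requests as $i => $req) {
    $name  = sane_string($req['name'], 64);
    $width = sane_integer($req['width'], 1, 2000);

    if ($name === false || $width === false) {
        echo "request $i: rejected\n";
        continue;
    }
    // Only validated values reach the output: width is a bounded int, name is short
    // and drawn from a known character set (still HTML-escaped for the attribute).
    echo "request $i: <iframe src=\"view.php?name="
        . htmlspecialchars($name, ENT_QUOTES) . "\" width=\"$width\"></iframe>\n";
}
```

Run with `php example.php`: only request 0 produces an iframe; the others are rejected by the length bound, the range bound, the numeric pattern, or the int-range guard respectively. The validators return the cleaned value rather than a bare true/false so the caller can use the checked value and nothing else, which keeps the raw request data out of the output path.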