Re: How do I test safe form input?
From: Reply Via Newsgroup (reply-to-newsgroup_at_please.com)
Date: 03/13/04
- In reply to: Joshua Beall: "Re: How do I test safe form input?"
Date: Sat, 13 Mar 2004 05:24:07 GMT
Joshua Beall wrote:
> You should also keep in mind that the things you want to be careful for vary
> with the context of the form. If it is something you are going to echo back
> to the browser, you do not care if somebody uses a semicolon; the semicolon
> is a legitimate punctuation mark. On the other hand, if this is getting
> passed to MySQL or something else that attributes special meaning to the
> semicolon, then you need to be careful.
>
> What I am saying is, in order to make sure your form is safe, you have to
> consider the context. So, what are you trying to do with this form? Is it
> going to be used in a SQL query or what?
>
>
Yes Yes Yes!
At last - someone who seems to know where I am coming from - This is
specifically what I am concerned about (that characters might be
mis-interpreted as a command as opposed to ordinary data). I believe I
have managed to cover my ass but I'd like to test, safely.
Any ideas?
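
The following is an added example, not part of the original thread: one way to test safely whether form input is treated as data in each context discussed above. It assumes a throwaway in-memory SQLite database standing in for MySQL, and the table, function names and sample inputs are constructed for illustration.

```python
import html
import sqlite3

# Constructed sample inputs: ordinary text that happens to contain characters
# with special meaning in SQL or HTML.
SAMPLES = [
    "Wait; what?",
    "O'Reilly",
    "x'); DELETE FROM comments; --",
    "<b>5 > 3 & 2 < 4</b>",
]

def fresh_db():
    """Throwaway in-memory database, so a failed test cannot touch real data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    db.execute("INSERT INTO comments (body) VALUES ('canary')")
    return db

def store(db, body):
    """SQL context: the value is bound as a parameter, never spliced into the statement."""
    cur = db.execute("INSERT INTO comments (body) VALUES (?)", (body,))
    return cur.lastrowid

def render(body):
    """HTML context: escape at output time; a semicolon needs no treatment here."""
    return "<p>" + html.escape(body, quote=True) + "</p>"

def sql_round_trip_ok(sample):
    """True if the sample came back unchanged and the canary row survived."""
    db = fresh_db()
    row_id = store(db, sample)
    stored = db.execute("SELECT body FROM comments WHERE id = ?", (row_id,)).fetchone()[0]
    rows = db.execute("SELECT COUNT(*) FROM comments").fetchone()[0]
    canary = db.execute("SELECT COUNT(*) FROM comments WHERE body = 'canary'").fetchone()[0]
    return stored == sample and rows == 2 and canary == 1

def html_inert(sample):
    """True if no raw markup characters from the sample reach the page."""
    inner = render(sample)[3:-4]  # strip the wrapping <p> and </p>
    return "<" not in inner and ">" not in inner and html.unescape(inner) == sample

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "sql:", sql_round_trip_ok(s), "html:", html_inert(s))
```

The canary row is what makes the test meaningful: if any sample were interpreted as a command rather than stored as text, the row count or the canary check would fail.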