PHP Sanitize
- From: "Phil Barnes" <garmingeek@xxxxxxxxx>
- Date: 30 Jan 2006 08:56:44 -0800
Hello - crossing over from the Dark Side (ASP/Windows) to PHP/NIX.
I have found the PHP Sanitize functions provided by OWASP to be a
useful resource.
First Question:
If I use sanitize_paranoid_string or sanitize_system_string, the output
is enclosed within double quotes.
e.g.
<code>
$string = '"'.preg_replace('/\$/', '\\\$', $string).'"';
//make sure this is only interpreted as ONE argument
</code>
Is there a <em>security</em> reason why this is done? Also, could
someone elaborate on the comment that follows the command? I'm
embarrassed to admit that I'm not sure what it means.
Once I "sanitize" the data, I don't want it to be enclosed within the
double quotes, so if I do this instead...
<code>
$string = preg_replace('/\$/', '\\\$', $string);
</code>
...is this just as secure? Or should I strip the quotes off afterwards?
T.I.A.
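The following is an added example, not part of the original post or of the OWASP sanitize library, that answers the two questions empirically: it hands one constructed string to /bin/sh three different ways and counts how many arguments the shell actually delivers. The function names (quoted_and_escaped, escaped_only, quoted_only, shell_arguments) and the sample input are assumptions made for this illustration. It assumes a POSIX shell with a printf utility is available to PHP's exec().

```php
<?php
// Added example (not from the original post or the OWASP sanitize library).
// Each helper prepares the same value for a shell command line in a
// different way; shell_arguments() then shows how the shell tokenises it.

// Same construction as the OWASP snippet quoted in the question:
// escape every $ and wrap the whole value in double quotes.
function quoted_and_escaped(string $s): string {
    return '"' . preg_replace('/\$/', '\\\$', $s) . '"';
}

// The variant proposed in the question: escape $ but leave the quotes off.
function escaped_only(string $s): string {
    return preg_replace('/\$/', '\\\$', $s);
}

// Double quotes without the $ escaping, for comparison.
function quoted_only(string $s): string {
    return '"' . $s . '"';
}

// Run `printf '[%s]\n' <arg>` through the shell and return the arguments
// the shell actually passed to printf, one per array element.
function shell_arguments(string $arg): array {
    $output = [];
    exec("printf '[%s]\\n' " . $arg, $output);
    return $output;
}

// Constructed sample input: whitespace plus something that looks like a
// shell variable reference.
$input = 'my file $HOME';

foreach (['quoted_and_escaped', 'escaped_only', 'quoted_only'] as $fn) {
    $args = shell_arguments($fn($input));
    printf("%-20s -> %d argument(s): %s\n", $fn, count($args), implode(' ', $args));
}

// PHP's built-in escapeshellarg() does the same job (single quotes, with
// any embedded single quote escaped) without a hand-written regex.
echo escapeshellarg($input), "\n";
```

Running this shows the three behaviours the comment in the OWASP snippet is about: the quoted-and-escaped form reaches printf as a single argument containing the literal text `my file $HOME`; the escaped-only form is split by the shell on whitespace into three arguments, so anything after the first space is no longer part of "the" argument; and the quoted-only form stays one argument but `$HOME` is expanded to the real home directory, because double quotes do not stop variable expansion. The double quotes therefore exist so the value cannot be split into extra arguments, and the `\$` escaping exists so the value cannot trigger expansion inside those quotes; stripping the quotes afterwards undoes the first protection. If you only need the value back in PHP (not on a command line), the quoting is unnecessary, but for anything that reaches a shell, escapeshellarg() is the safer drop-in.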