Vulnerability Development mailing list archives
String checking with PHP
From: buanzox () USA NET (Arturo Busleiman)
Date: Wed, 24 May 2000 15:19:05 -0300
(Version en espa~nol, leer mas abajo)
Well, yesterday I asked for help regarding how to check if a string has
only valid characters, well here I attach what I programed by myself, I
hope it is useful for everyone out there who needs it. It's really simple,
and if you experts find any bug or problem (exceptuating speed :), PLEASE
mail me.
=-=-=
Bueno, lo siguiente es una funcioncita que escribi en PHP que lo que hace
es devolver TRUE si una cadena contiene SOLAMENTE caracteres validos
(definibles, obviamente).
ver el codigo adjunto (test_string.php3) para ver como funciona.
cualquier bug o duda, me mandan un email!
un abrazo para todos.
*> Get PGP KEY: use pgpk -a hkp://horowitz.surfnet.nl/buanzox () usa net
*> Lista social de mail. Envia e-mail en blanco a lsb-subscribe () egroups com
*> Panic? My kernel doesn't panic! We are doomed! DustDustDust!!!!
<?php
/*
Demonstration program of a string checking function, that is:
if string has unwanted characters, it is INVALID. (returns FALSE).
by Arturo Busleiman <buanzox () usa net>.
Thanks go to VULN-DEV () SECURITYFOCUS COM
Hey, my first useful function with PHP :)
*/
$VALID_CHARS_LOW = "abcdefghijklmnopqrstuvwxyz";
$VALID_CHARS_UP = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$VALID_CHARS_NUM = "0123456789";
$VALID_CHARS_SYMBOL = "-_@."; // you may add whatever you need..
$VALID_CHARS_ALPHA = $VALID_CHARS_LOW.$VALID_CHARS_UP;
$VALID_CHARS_ALL = $VALID_CHARS_ALPHA.$VALID_CHARS_NUM.$VALID_CHARS_SYMBOL;
function chequear ($cadena,$validos) {
for ($z=0;$z<strlen($cadena);$z++)
for ($i=0;$i<strlen($validos)+1;$i++) {
if ($i==strlen($validos)) return(FALSE);
if ($validos[$i]==$cadena[$z])
break;
else
continue;
}
return(TRUE);
}
$string1 = "whateveryouwant2check () mpol com ar";
$string2 = "yeah, right!;ls -ald ~user";
$string3 = "378192317";
if (chequear($string1,$VALID_CHARS_ALL)==FALSE) printf("cadena
invalida<BR>"); else printf("cadena VALIDA<BR>");
if (chequear($string2,$VALID_CHARS_ALL)==FALSE) printf("cadena
invalida<BR>"); else printf("cadena VALIDA<BR>");
if (chequear($string3,$VALID_CHARS_ALPHA)==FALSE) printf("cadena
invalida<BR>"); else printf("cadena VALIDA<BR>");
?>
Current thread:
- Re: reverse engineer c or java, (continued)
- Re: reverse engineer c or java Erik Debill (May 22)
- Re: reverse engineer c or java za () boo ma fu (May 21)
- Re: reverse engineer c or java Bluefish (May 22)
- Re: reverse engineer c or java za () boo ma fu (May 22)
- Re: reverse engineer c or java Bluefish (May 23)
- Re: reverse engineer c or java Mark Rafn (May 20)
- Re: reverse engineer c or java Pedro Hugo (May 20)
- Re: reverse engineer c or java phazer (May 20)
- Re: reverse engineer c or java Warner Losh (May 21)
- Re: reverse engineer c or java Liviu Daia (May 22)
- String checking with PHP Arturo Busleiman (May 24)
- Re: String checking with PHP Joe (May 24)
- Re: String checking with PHP Arturo Busleiman (May 24)
- Why not a changeling? Daniel Petzen (May 20)
- Re: Why not a changeling? Bluefish (May 20)
- Re: Why not a changeling? Daniel Petzen (May 20)
- Netscape forms using standard windows controls No User (May 21)
- Re: Netscape forms using standard windows controls Derek Reynolds (May 21)
- Re: Netscape forms using standard windows controls Pavel Kankovsky (May 22)
- Re: Netscape forms using standard windows controls Chon-Chon Tang (May 22)
- Re: Why not a changeling? Bluefish (May 21)