WebApp Sec mailing list archives
PHP variable sanitization functions
From: "Gavin Zuchlinski" <gzuchlinski () pgsit org>
Date: Sun, 24 Aug 2003 19:52:26 -0400
Hello list,

I wrote a couple of sanitization routines that are better suited for certain situations (arguments to system(), variables in SQL, paranoid, etc...) for everyone to use. Everything is based off of some simple regular expressions so it should be pretty portable to other languages.

Now please help me make these functions a little bit better and more versatile :-). Let me know all the ways to break this to still do nasty things that these routines are meant to stop, and also if sanitization breaks anything.

Finally....

http://libox.net/sanitize.php

-Gavin Zuchlinski
http://libox.net/