WebApp Sec mailing list archives
Re: php to do input validation...
From: Kevin Carlson <kevin () kcarlson net>
Date: Wed, 02 Feb 2005 16:10:47 -0800
Only if it can do things not easily accomplished otherwise.I generally clean up user input using preg_replace and regular expressions. That's just one extra line of code and arguably more self-documenting than adding more parameters to other functions, or creating new ones....
Kevin Matthew Wirges wrote:
I thought this was interesting... http://news.php.net/php.internals/14474Turns out that there may be input filtering in PHP's future. Maybe even in the next release of 5.x. Read that thread for more information.My question for webappsec, is do you think its a good idea for a programming language to add this sort of functionality? Does it coddle users? Does it give a false sense of security (especially if they aren't implemented right)? Or do the positives outweigh the negatives?Cheers, -matt
Current thread:
- php to do input validation... Matthew Wirges (Feb 02)
- Re: php to do input validation... Kevin Carlson (Feb 03)
- Re: php to do input validation... Griffiths, Ian (Feb 03)
- RE: php to do input validation... Andrew van der Stock (Feb 03)
- Re: php to do input validation... Darren Bounds (Feb 03)