sanitizing_php_for_malicious_user_input
All PHP input has to be validated before it is used; a value that comes from the client is never trusted as-is. For example,
instead of just doing:
$id = $_GET["id"];
change it to something like the following, which accepts only values that match an allow-list pattern ("al" or "ep" followed by exactly two digits) and otherwise falls back to an empty string:
if (isset($_GET["id"])) {
    // FILTER_SANITIZE_STRING strips tags and encodes quotes; note that it is deprecated
    // as of PHP 8.1. The allow-list check below is what actually makes $id safe.
    $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_STRING);
    // Accept only "al" or "ep" followed by two digits; anything else becomes "".
    // The D modifier stops "$" from also matching before a trailing newline.
    if (!preg_match("/^(al|ep)\d\d$/D", $id)) {
        $id = "";
    }
} else {
    $id = "";
}
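The same allow-list check, written as an added example (not code from the original page) in the form of a reusable function that can be run from the command line against constructed inputs. The function name validated_id(), its $query parameter (pass $_GET in a real handler) and the sample inputs are assumptions. It uses FILTER_VALIDATE_REGEXP instead of FILTER_SANITIZE_STRING so that a non-matching value is rejected rather than "cleaned", and it also handles the cases the one-liner above does not: an array submitted as ?id[]=x, and a value with a trailing newline.

```php
<?php
// Added example (not from the original page): an allow-list validator for the
// "id" parameter described above, written as a function so it can be exercised
// against constructed inputs from the command line. The function name and the
// $query parameter are assumptions; in a web handler you would pass $_GET.

declare(strict_types=1);

/**
 * Return the validated id, or "" if the input is missing or does not match
 * the allow-list pattern "al" or "ep" followed by exactly two digits.
 */
function validated_id(array $query, string $key = 'id'): string
{
    if (!isset($query[$key])) {
        return '';
    }
    $raw = $query[$key];
    // ?id[]=x makes $_GET['id'] an array; preg_match() would throw a TypeError on it.
    if (!is_string($raw)) {
        return '';
    }
    // Validate, do not "clean": FILTER_VALIDATE_REGEXP returns false on mismatch
    // instead of trying to repair the value. The D modifier makes $ match only at
    // the very end of the string, so "al01\n" is rejected (without D, $ also
    // matches just before a trailing newline).
    $ok = filter_var($raw, FILTER_VALIDATE_REGEXP, [
        'options' => ['regexp' => '/^(al|ep)\d\d$/D'],
    ]);
    return $ok === false ? '' : $ok;
}

// Constructed sample inputs; the expected result is given in each comment.
$samples = [
    ['id' => 'al01'],                 // "al01"   valid
    ['id' => 'ep99'],                 // "ep99"   valid
    ['id' => 'AL01'],                 // ""       case matters (no /i flag)
    ['id' => 'al1'],                  // ""       only one digit
    ['id' => "al01\n"],               // ""       trailing newline rejected by /D
    ['id' => "al01' OR '1'='1"],      // ""       injection attempt
    ['id' => '../al01'],              // ""       path traversal attempt
    ['id' => ['al01']],               // ""       submitted as ?id[]=al01
    [],                               // ""       parameter absent
];

foreach ($samples as $q) {
    $shown = isset($q['id']) ? json_encode($q['id']) : '(absent)';
    printf("%-22s -> %s\n", $shown, var_export(validated_id($q), true));
}
```

Run it with php on the command line; every line except the first two should print '' on the right-hand side. Whatever the validated id is used for afterwards (a file name, a database key), the allow-list is the control that matters: the pattern admits nothing but the expected characters, so there is nothing left for a later escaping step to get wrong.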
sanitizing_php_for_malicious_user_input.txt · Last modified: 2012/12/04 22:41 by juckins