Sanitizing code
Posted: Sat Feb 13, 2010 4:31 am
Hello
If you use preg_match() to check data, should you still sanitize it afterwards, assuming you are not allowing any "" or \\ or other injection characters in preg_match? E.g. "/^[a-zA-Z0-9 _.-]+$/", which would not allow characters for injection.
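Added example, not part of the original post: in PHP's PCRE, `$` without the `D` modifier also matches just before a trailing newline, so the quoted pattern accepts "report\n" even though newline is not in the character class; anchoring with `\z` closes that gap, and the validated value is still bound or encoded for the sink it goes to. The function name, sample inputs, table name and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Added example; is_valid_name(), the samples and the table are hypothetical.

const LOOSE  = '/^[a-zA-Z0-9 _.-]+$/';   // pattern quoted in the post
const STRICT = '/^[a-zA-Z0-9 _.-]+\z/';  // \z anchors at the absolute end of the subject

function is_valid_name(string $input, string $pattern): bool
{
    // preg_match() returns 1 on match, 0 on no match, false on error;
    // comparing with === 1 treats an error as a rejection.
    return preg_match($pattern, $input) === 1;
}

// Constructed sample inputs: a normal value, one with a trailing newline,
// one with a quote, and an empty string.
$samples = ["report_2010.txt", "report\n", "a'b", ""];

foreach ($samples as $s) {
    printf(
        "%-20s loose=%-5s strict=%s\n",
        json_encode($s),
        var_export(is_valid_name($s, LOOSE), true),
        var_export(is_valid_name($s, STRICT), true)
    );
}

// Validation decides whether the value is accepted at all.
// Encoding for the destination is still applied when the value is used.
$name = "report_2010.txt";
if (is_valid_name($name, STRICT)) {
    // SQL sink: bound parameter instead of string concatenation.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE files (name TEXT)');
    $stmt = $pdo->prepare('INSERT INTO files (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);

    // HTML sink: encode on output.
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n";
}
```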