Checking input against a number of different regexes...?
Posted: Tue Dec 30, 2008 8:07 am
I have some input that I wish to filter against a number of keywords and phrases in order to increase security against bad guys. For example, if someone accesses my login page, I would have that input first be checked against the word "select", and then maybe something like the equals sign or the string "<?php", etc. Before I continue, though, is this a good idea? With the exception of losing that one or two users who might use a username with the word "select" in it or whatever, I thought that the security gained would be better than the loss. What are some other strings I might check for if this is a good idea?
As for the actual scanning / filtering process, though, are there any PHP functions that can help me do this without having to make multiple preg_match_all()s within OR statements?
This is an example of where I'm heading:
Code:
// Reject the request if either field starts with the keyword "select".
if (substr($form_username, 0, 6) == 'select' || substr($form_password, 0, 6) == 'select') {
    $bad_ip = getenv("REMOTE_ADDR"); // record the client address
    header('Location: index.php');
    exit; // stop the script once the redirect header is sent
}
As you can see above, I would like to possibly use something like an array for my keywords (or even a separate text document) that can be progressively scanned all the way through; this way I might only have 2 conditions (one for the username, and one for password; both of which would be checked against the keyword source variable or document for certain phrases and/or keywords). If there are any functions that can cycle through a given array in the fashion I speak of, what are they?
I would appreciate any feedback or thoughts on this as I am trying to learn more about PHP security.
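An added example, not part of the original post: the array-driven check the question asks about, written with a foreach loop and stripos(), run next to a PDO prepared statement that binds the same input as data. The keyword list, table, function names and sample usernames are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example: constructed data and hypothetical names throughout.

// Hypothetical keyword list, taken from the strings mentioned in the post.
$keywords = ['select', '=', '<?php'];

// Return the first keyword found in $input (case-insensitive), or null.
function first_keyword_hit(string $input, array $keywords): ?string
{
    foreach ($keywords as $keyword) {
        if (stripos($input, $keyword) !== false) {
            return $keyword;
        }
    }
    return null;
}

// Parameterized lookup: the username is bound as data, never parsed as SQL.
function find_user(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample table in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $db->prepare('INSERT INTO users (name) VALUES (?)');
foreach (['alice', 'selectah', "o'brien"] as $name) {
    $insert->execute([$name]);
}

// Constructed inputs: two registered names and one unknown name.
foreach (['selectah', "o'brien", 'mallory'] as $input) {
    $hit  = first_keyword_hit($input, $keywords);
    $user = find_user($db, $input);
    printf(
        "%-10s keyword filter: %-16s prepared lookup: %s\n",
        $input,
        $hit === null ? 'pass' : "blocked ($hit)",
        $user === null ? 'no such user' : 'found id ' . $user['id']
    );
}
```

The registered name "selectah" is rejected by the keyword list, while the prepared statement handles it and the name containing a quote character as ordinary values.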