filter metacharacters from user input.

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

ichikawaono
Forum Newbie
Posts: 2
Joined: Tue Jan 28, 2014 12:50 am

Post by ichikawaono »

How do I filter metacharacters from user input? This is the finding after a Security Posture Assessment. Nowadays, most web applications have this kind of problem. How do I filter it? :banghead:
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: filter metacharacters from user input.

Post by requinix »

Best practice is not to filter the input but to escape it so that it won't cause any problems. Unless you want to post code to get help understanding what's wrong and how to fix it, Google for terms like "SQL injection" and "XSS".
ichikawaono
Forum Newbie
Posts: 2
Joined: Tue Jan 28, 2014 12:50 am

Re: filter metacharacters from user input.

Post by ichikawaono »

Do we need to develop a new function for this? It happens on my forgot password and email fields. Has anyone fixed this problem before?
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: filter metacharacters from user input.

Post by requinix »

It depends on the code you have in place now.

I'm going to keep shooting blind until you start giving real, concrete details about the application.
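
The advice given in this thread (escape for the destination instead of filtering characters), applied to a forgot-password email field. This is an added example, not code from any poster or from the application being discussed: the `users` table, the in-memory SQLite database (needs the `pdo_sqlite` extension) and the helper names are assumptions, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Validate the shape of the value; reject it whole instead of stripping characters.
function parse_email(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// SQL context: the value travels as a bound parameter, never as query text.
function find_user_id(PDO $db, string $email): ?int
{
    $stmt = $db->prepare('SELECT id FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// HTML context: escape at the moment of output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo data (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE)');
$db->prepare('INSERT INTO users (email) VALUES (?)')->execute(["o'brien@example.com"]);

// Constructed inputs: a legitimate address containing a quote, and two values with metacharacters.
$inputs = ["o'brien@example.com", "x' OR '1'='1", '<b>bold</b>@example.com'];

foreach ($inputs as $raw) {
    $email = parse_email($raw);
    if ($email === null) {
        // The rejected value is still echoed safely because it is escaped for HTML.
        echo '<p>Not a valid address: ' . h($raw) . "</p>\n";
        continue;
    }
    $found = find_user_id($db, $email) !== null;
    error_log('reset requested, account found: ' . ($found ? 'yes' : 'no'));
    echo '<p>Reset requested for ' . h($email) . "</p>\n";
}
```

The apostrophe in the first address is a valid character in an email address, which is why stripping "metacharacters" on input damages legitimate data while binding and output escaping do not.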