I don't have much idea about security issues and hacker attacks. I got a program, written by another programmer, which resets a user's password.
Code:
$newpass = preg_replace ('/[\\:\\/\\>\\<\\)\\(\\?\\#\\!\'\\"\\]\\[\\%\\,\\~\\=\\+\\&\\*\\{\\}\\|\\;]/', '_', $newpass);

Code:
/><)(?#!’”][%,~=+&*}{;|

I think this is bad because we are restricting a user from entering his desired password. Please tell me: are these characters harmful in PHP?
As I have read in an article regarding SQL injection, if a user enters ' or / or some of these characters, the PHP engine adds an additional slash to that character and takes care of security itself. Please tell me, am I right or wrong?
Should I remove the above check or not?
Thanks.
Waqas
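
An added example, not part of the original post or the program it describes: it runs the filter from the post on two different passwords to show that they end up as the same string, then resets a password with no character filter by hashing it with password_hash() and binding it through a PDO prepared statement. The users table, the alice account and the function names are assumptions, and an in-memory SQLite database stands in for the real one.

```php
<?php
// The filter from the post, wrapped in a function (the name is hypothetical).
function filter_password(string $newpass): string {
    return preg_replace('/[\\:\\/\\>\\<\\)\\(\\?\\#\\!\'\\"\\]\\[\\%\\,\\~\\=\\+\\&\\*\\{\\}\\|\\;]/', '_', $newpass);
}

// Constructed sample passwords: different inputs, identical stored value,
// because every listed character is replaced by the same underscore.
$a = filter_password('p#ss;w0rd!');
$b = filter_password('p?ss|w0rd%');
echo "filtered: $a / $b, collide: ", var_export($a === $b, true), "\n";

// Stand-in database (assumption: pdo_sqlite is available).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$pdo->prepare('INSERT INTO users (name, pass_hash) VALUES (?, ?)')
    ->execute(['alice', password_hash('old-password', PASSWORD_DEFAULT)]);

// Reset without filtering: the password is hashed, so its characters never
// reach the SQL text, and the hash is bound as a parameter, not concatenated.
function reset_password(PDO $pdo, string $user, string $newpass): bool {
    $hash = password_hash($newpass, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('UPDATE users SET pass_hash = ? WHERE name = ?');
    $stmt->execute([$hash, $user]);
    return $stmt->rowCount() === 1;
}

// Login check: fetch the stored hash by bound user name, then verify.
function check_password(PDO $pdo, string $user, string $attempt): bool {
    $stmt = $pdo->prepare('SELECT pass_hash FROM users WHERE name = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($attempt, $hash);
}

// Constructed password containing quotes and other characters the filter strips.
$raw = "it's \"my\" p#ss; -- ok?";
var_dump(reset_password($pdo, 'alice', $raw));                   // row updated?
var_dump(check_password($pdo, 'alice', $raw));                   // exact password
var_dump(check_password($pdo, 'alice', filter_password($raw)));  // filtered variant
```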