Hey folks,

Let me preface this with the fact that I know information like this exists online, but it's a bear trying to find good examples. I checked the list archives, and got minimal information. Also, I'm posting to this list rather than the -users because this does target a database environment.

I am working on a very basic project to put a bunch of computer-related information into a searchable PostgreSQL database. I'm using PHP 4.0.6 to connect to PostgreSQL 7.1.2, via Apache 1.3.20.

I'm a sysadmin, so one of my first concerns is for my site to be as secure as I can make it, without crippling my ability to do anything. Hence, I have taken reasonable steps to minimize the chances of problems, like connecting to the database with an unprivileged user (SELECT privs on only the necessary tables). The user can't DROP, or INSERT, or anything.

I'm now looking for real, working examples for scrubbing input submitted via a form. I've gone over code snippets, read security-related articles, and haven't been able to find any real (read - targeted at beginning developers) examples for this. I want to take the safer approach, and only allow a set of characters, rather than trying to weed out the "evil."

I would greatly appreciate it if you folks could pass me some URLs for this, or some small blurbs of code... I've read dozens of 'use regex' hints, but I need to understand a bit more about how to _use_ them, not how to _form_ them.

Sorry to be so long winded... I appreciate any tips/tricks/URLs you can give me. :)

Thanks!

Benny

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A 'good' landing is one from which you can walk away. A 'great' landing is one after which they can use the plane again. --Rules of the Air, #8

--
PHP Database Mailing List (http://www.php.net/)
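
An added example, not part of the original post: one way to apply the "only allow a set of characters" approach described above to a single form field in PHP. The helper name `allow_only()`, the character set, the length limit and the sample inputs are all hypothetical.

```php
<?php
// Added example. Returns the value unchanged if it is a non-empty string of
// at most $maxLen bytes made up only of characters in $class, else false.
// $class is the body of a regex character class (hypothetical parameter).
function allow_only($value, $class, $maxLen)
{
    // A request such as ?q[]=x delivers an array, not a string.
    if (!is_string($value)) {
        return false;
    }
    $len = strlen($value);
    if ($len < 1 || $len > $maxLen) {
        return false;
    }
    // \A and \z anchor at the absolute start and end of the subject.
    // A plain "$" also matches just before a trailing "\n", so "abc\n"
    // would slip through an otherwise correct allowlist.
    if (preg_match('/\A[' . $class . ']+\z/', $value) !== 1) {
        return false;
    }
    return $value;
}

// Letters, digits, space, dot, underscore, hyphen (hyphen last = literal).
$class = 'A-Za-z0-9 ._-';

// Constructed inputs standing in for a submitted search field.
$samples = array(
    'Dell Latitude-C600',   // ordinary search term
    "printer\n",            // trailing newline
    "laptop'; --",          // quote and semicolon are outside the set
    array('nested'),        // array submitted in place of a string
    '',                     // empty field
);

foreach ($samples as $input) {
    $clean = allow_only($input, $class, 64);
    $shown = is_string($input) ? addcslashes($input, "\n") : 'array(...)';
    echo ($clean === false ? 'REJECT ' : 'ACCEPT ') . $shown . "\n";
}

// Validation narrows what reaches the query; it does not replace binding.
// On PHP 5.1+ pass the accepted value as a parameter, e.g. with
// pg_query_params(), rather than concatenating it into the SQL text.
```

Rejected input is refused outright rather than stripped of its disallowed characters, so the value that reaches the query is always exactly what the user typed.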