Hey folks,

        Let me preface this with the fact that I know
information like this exists online, but it's a bear
trying to find good examples.  I checked the list archives,
and got minimal information.  Also, I'm posting to this list
rather than the -users because this does target a database
environment.

        I am working on a very basic project to put a bunch
of computer-related information into a searchable PostgreSQL
database.  I'm using PHP 4.0.6 to connect to PostgreSQL
7.1.2, via Apache 1.3.20.

        I'm a sysadmin, so one of my first concerns is for
my site to be as secure as I can make it, without crippling
my ability to do anything.  Hence, I have taken reasonable
steps to minimize the chances of problems, like connecting
to the database with an unprivileged user (SELECT privs
on only the necessary tables).  The user can't DROP, or
INSERT, or anything.

        I'm now looking for real, working examples for scrubbing
input submitted via a form.  I've gone over code snippets, read
security-related articles, and haven't been able to find any
real (read - targeted at beginning developers) examples for
this.  I want to take the safer approach, and only allow a set
of characters, rather than trying to weed out the "evil."

        I would greatly appreciate it if you folks could
pass me some URLs for this, or some small blurbs of code...
I've read dozens of 'use regex' hints, but I need to understand
a bit more about how to _use_ them, not how to _form_ them.

Sorry to be so long-winded...  I appreciate any tips/tricks/URLs
you can give me.  :)  Thanks!

Benny


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A 'good' landing is one from which you can walk away. A 'great'
landing is one after which they can use the plane again.
                                        --Rules of the Air, #8
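An added example of the allowlist approach the post asks about (this is not code from the poster or from any reply on the list). It assumes a hypothetical `hosts` table with `hostname` and `os` columns, a form field named `hostname`, a made-up connection string, and PHP 5.1 or later, since `pg_query_params` did not exist in the PHP 4.0.6 mentioned above. The idea is to define, per form field, the exact set of characters that is acceptable, reject anything else before it gets near the database, and still hand the value to the driver as a bound parameter rather than splicing it into the SQL string.

```php
<?php
// Added example, not from the original post. Assumes PHP >= 5.1 and a
// hypothetical "hosts" table (hostname, os) in a PostgreSQL database.

// One pattern per form field: the characters that are allowed, and nothing
// else. Patterns are anchored with ^ and \z so the whole value must match
// (\z, unlike $, does not let a trailing newline slip past).
$rules = array(
    // hostnames: letters, digits, dot and dash, 1-63 characters
    'hostname' => '/^[A-Za-z0-9.-]{1,63}\z/',
    // free-text search term: letters, digits, space and a few punctuation marks
    'q'        => '/^[A-Za-z0-9 _.,-]{1,80}\z/',
    // numeric id: digits only
    'id'       => '/^[0-9]{1,9}\z/',
);

/**
 * Return the validated value for $name from $input, or null if the field
 * is missing, is not a plain string, or contains any character outside the
 * allowlist pattern for that field.
 */
function validate_field($rules, $name, $input)
{
    if (!isset($rules[$name]) || !isset($input[$name])) {
        return null;
    }
    $value = $input[$name];
    if (!is_string($value)) {
        // foo[]-style fields arrive as arrays; those are never valid here
        return null;
    }
    if (preg_match($rules[$name], $value) !== 1) {
        return null;
    }
    return $value;
}

$hostname = validate_field($rules, 'hostname', $_GET);
if ($hostname === null) {
    header('HTTP/1.0 400 Bad Request');
    echo 'Invalid hostname';
    exit;
}

// Belt and braces: the value passed validation, but it is still sent to
// PostgreSQL as a bound parameter ($1), never concatenated into the query.
$conn = pg_connect('host=localhost dbname=inventory user=webro');  // hypothetical
$result = pg_query_params(
    $conn,
    'SELECT hostname, os FROM hosts WHERE hostname = $1',
    array($hostname)
);
while ($row = pg_fetch_assoc($result)) {
    // Escape on the way out as well, so stored data cannot inject HTML
    echo htmlspecialchars($row['hostname']), ' ', htmlspecialchars($row['os']), "\n";
}
```

The two steps are deliberately independent: the allowlist check is what keeps unexpected characters out of the application at all, and the bound parameter is what keeps the database from ever interpreting the value as SQL, so a mistake in one pattern does not turn into an injection. On PHP releases older than 5.1 there is no `pg_query_params`; `pg_escape_string` (added in 4.2.0) is the next best option, and on 4.0.6 itself the strict per-field allowlist is doing almost all of the work, which is a good reason to keep the patterns as narrow as the data allows.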



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]