> -----Original Message-----
> From: Jason Gerfen [mailto:[EMAIL PROTECTED]
> Sent: 07 December 2005 19:34
> To: comex
> Cc: [email protected]
> Subject: Re: [PHP] Preventing Cross Site Scripting Vulnerabilities
>
> function chk_input( $string ) {
>     if( eregi( "^[0-9a-z_ -]$", $string ) ) {
>         return 0;
>     } else {
>         return 1;
>     }
> }
>
> if( chk_input( $string ) == 0 ) {
>     echo "valid";
> } else {
>     echo "invalid";
> }

Urgh! Nothing like making the simple things complicated! ;)

The above is effectively the same as (the more readable and more
efficient):

function chk_input( $string ) {
    return eregi( "^[0-9a-z_ -]$", $string );
}

if (chk_input( $string )) {
    echo "valid";
} else {
    echo "invalid";
}

And, personally, I'd use preg in there rather than ereg, as it's more
efficient, more up-to-date, and more supported.

Cheers!

Mike

----------------------------------------------------------------------------------------
Mike Ford, Electronic Information Services Adviser, Learning Support Services,
JG125, The Library, James Graham Building, Headingley Campus, Beckett Park,
LEEDS, LS6 3QS, United Kingdom
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
--
PHP General Mailing List (http://www.php.net/)
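
A preg-based form of the chk_input() check discussed in this message, as an added example that is not code from either poster. It assumes the intent is "one or more" allowed characters (the posted pattern has no quantifier, so it matches exactly one character), uses \A and \z anchors in place of ^ and $, and runs on constructed sample inputs.

```php
<?php
// Added example: whitelist check using preg_match() instead of eregi().
// Assumption: a "+" quantifier is wanted; the posted pattern matches
// a single character only.

function chk_input(string $string): bool
{
    // \A and \z anchor to the absolute start and end of the subject.
    // A plain "$" would also match just before a trailing "\n".
    // The /i flag gives the case-insensitivity that eregi() provided.
    // preg_match() returns 1 on match, 0 on no match, false on error.
    return preg_match('/\A[0-9a-z_ -]+\z/i', $string) === 1;
}

// Constructed sample inputs, not taken from the thread.
$samples = [
    'user_name-01',   // valid
    'Hello World',    // valid (space is in the whitelist)
    'a',              // valid
    '',               // invalid: empty string
    "abc\n",          // invalid: trailing newline is rejected by \z
    '<b>hi</b>',      // invalid: markup characters
    'a"b',            // invalid: quote character
];

foreach ($samples as $s) {
    $verdict = chk_input($s) ? 'valid' : 'invalid';
    // Encode on output as well, so a rejected value is displayed as text.
    $shown = htmlspecialchars(json_encode($s), ENT_QUOTES, 'UTF-8');
    printf("%-8s %s\n", $verdict, $shown);
}
```

The ereg family was deprecated in PHP 5.3 and removed in PHP 7.0, so of the two only preg_match() runs on current PHP.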