Sunday 15 February 2015

php - secure email form, header injection query


I am using the following to clean the input from my contact form:

```php
<?php
$name = strip_tags(stripslashes($_POST['name']));
// this is repeated for many other fields, then:
if (isInjected($name)) { die; }
/* see the isInjected function below */
// mail ...
?>
```

I am using this function:

```php
<?php
/* function from http://phpsense.com/php/php-mail */
function isInjected($str) {
    // patterns for raw and URL-encoded line breaks, tabs and backspaces
    $injections = array('(\n+)',
                        '(\r+)',
                        '(\t+)',
                        '(%0A+)',
                        '(%0D+)',
                        '(%08+)',
                        '(%09+)');
    $inject = join('|', $injections);
    $inject = "/$inject/i";
    if (preg_match($inject, $str)) {
        return true;
    } else {
        return false;
    }
}
?>
```

Is it enough to clean up my contact form?

Thank you.

It seems that sanitization and escaping are better than input validation. Personally I also like to validate the input type. In my base controller I have validators for dates, email addresses etc. If you add such validation to your current checks, then you are managing well IMO.
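The following is an added example, not code from the question or the answer above. It combines the two approaches discussed here: the pattern check for header-breaking characters from the question, and the type validation the answer recommends. The field names (name, email, subject, message), the recipient and sender addresses, and the three sample submissions are constructed for the example.

```php
<?php
// Added example: a contact-form handler that validates by type and rejects
// any header-bound value containing a line break. Field names, addresses
// and sample inputs below are constructed, not taken from the original post.

declare(strict_types=1);

const RECIPIENT = 'contact@example.com'; // constructed placeholder

// Reject anything that could terminate a header line: raw CR/LF and, in case
// a value is used before URL decoding, their percent-encoded forms.
function containsHeaderBreak(string $value): bool
{
    return (bool) preg_match('/\r|\n|%0[aAdD]/', $value);
}

// Validate each field by its expected type. Returns a list of error strings;
// an empty list means the submission is acceptable.
function validateContactForm(array $post): array
{
    $errors  = [];
    $name    = trim((string) ($post['name'] ?? ''));
    $email   = trim((string) ($post['email'] ?? ''));
    $subject = trim((string) ($post['subject'] ?? ''));
    $message = (string) ($post['message'] ?? '');

    if ($name === '' || mb_strlen($name) > 100) {
        $errors[] = 'name: required, at most 100 characters';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    // Every value that ends up in a header must stay on a single line.
    foreach (['name' => $name, 'email' => $email, 'subject' => $subject] as $field => $value) {
        if (containsHeaderBreak($value)) {
            $errors[] = "$field: line breaks are not allowed";
        }
    }
    if ($message === '') {
        $errors[] = 'message: required';
    }
    return $errors;
}

// Build the mail so that user text never becomes a header of its own: only
// the validated address goes into Reply-To, From is fixed, and the
// submitter's name is placed in the body rather than in a header.
function buildMail(array $post): array
{
    $headers = [
        'From: Contact form <noreply@example.com>', // constructed sender
        'Reply-To: ' . trim($post['email']),
        'Content-Type: text/plain; charset=UTF-8',
    ];
    $body = 'Name: ' . trim($post['name']) . "\n\n" . $post['message'];
    return [RECIPIENT, trim($post['subject']), $body, implode("\r\n", $headers)];
}

// Constructed sample submissions: one normal, two with header-breaking input.
$samples = [
    'normal'  => ['name' => 'Alice', 'email' => 'alice@example.org',
                  'subject' => 'Hello', 'message' => 'Hi there'],
    'crlf'    => ['name' => 'Bob', 'email' => "bob@example.org\r\nBcc: other@example.net",
                  'subject' => 'x', 'message' => 'y'],
    'encoded' => ['name' => 'Eve%0ABcc: other@example.net', 'email' => 'eve@example.org',
                  'subject' => 'x', 'message' => 'y'],
];

foreach ($samples as $label => $post) {
    $errors = validateContactForm($post);
    if ($errors === []) {
        [$to, $subject, $body, $headers] = buildMail($post);
        // mail($to, $subject, $body, $headers); // left commented so the example runs offline
        echo "$label: accepted, would send to $to\n";
    } else {
        echo "$label: rejected (" . implode('; ', $errors) . ")\n";
    }
}
```

Two points worth noting for the pattern check in the question: PHP decodes the request body before filling `$_POST`, so patterns such as `%0A` only match values that arrive double-encoded, and the raw `\r` and `\n` alternatives are the ones that matter for `$_POST` data. Validating the address with `filter_var(..., FILTER_VALIDATE_EMAIL)` already rejects an address containing a line break, and keeping user text out of `From` and `Subject` where possible removes the need to trust the filter at all.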

