php - Filtering User Input -

-

i've read quite few q&a's on filtering user input here, of time answer depends on you're doing. here's i'm doing:

data submitted via form used in mysql query:

function clean($field, $link) {     return mysql_real_escape_string($field, $link); }

data submitted via form displayed on html/php page or in email:

function output_html($value) {     return stripslashes(htmlspecialchars($value)); }

data displayed database:

function output_db($value) {     return stripslashes($value); }

is sufficient needs? there i'm not considering?

thanks!

use mysql_real_escape_string() when inserting strings sql queries, no matter input comes from.

use htmlspecialchars() or htmlentities() when inserting strings html code, no matter input comes from.

use urlencode() when inserting values query string of url, no matter values come from.

if data comes user, should these things because there chance user trying bad things. security aside--what if want insert legitimate string sql query , string happens have single quote character in it? still must escape it.


Comments

Post a Comment

Popular posts from this blog

c# - how to write client side events functions for the combobox items -

-
<dx:aspxcombobox id="aspxcombobox2" runat="server" clientidmode="autoid" selectedindex="-1" onselectedindexchanged="aspxcombobox1_selectedindexchanged1" > <clientsideevents selectedindexchanged="function(s, e) { grid.selectrows();}" /> <items> <dx:listedititem text="selecte rows" /> <dx:listedititem text="unselectall" /> </items> </dx:aspxcombobox> i want write event "unselect all" item in combobox. how can this? you'll need write javascript function iterates thru combo-box , marks selected items false. see select/unselect checkbox fields using pure javascript , html sample code msdn:
Read more

exception - Python, pyPdf OCR error: pyPdf.utils.PdfReadError: EOF marker not found -

-
pypdf throws exception: pypdf.utils.pdfreaderror: eof marker not found i don't need fix pypdf, need eof error cause "except" block execute , skip on file, doesn't work. still causes program stop running. background: batch ocr program pdfs python, pypdf, adobe pdf ocr error: unsupported filter /lzwdecode ... saga continues. i got 10,000 pdfs in folder. ocrd, not. can't tell 'em apart. step 1 figure out ones not ocrd , ocr (see other threads details). so i'm using pypdf. exceptions related unrecognized characters , unsupported filters when try read text. guestimated if throws exception, it's got text in , doens't go in list. problem solved, right? so: pypdf import pdffilewriter, pdffilereader import sys, os, pypdf, re path = 'c:\users\homer\documents\my pdfs' filelist = os.listdir(path) has_text_list = [] does_not_have_text_list = [] pdf_name in filelist: pdf_file
Read more