[thelist] Server validation -- which chars to reject?
Ken Kogler
ken.kogler at curf.edu
Sat Nov 9 22:44:08 CST 2002
Like any good web developer, I'm doing server side validation of my
forms. I had previously been using regex to filter out any
non-alphanumeric characters for most input fields, but this no longer
works for me.
I copy/pasted this validation code to a username/password login form,
and now it chokes on more elaborate passwords that use characters other
than A-Z and 0-9 (like "h!-m0m").
Obviously I need to refine this script a bit (since my own passwords are
never just alphanumeric!), but here's my question -- which characters
are harmless, and which ones do I need to explicitly reject? I'm aware
that the single quote "'" can be used in SQL Injection attacks, but are
there any others that I should watch out for?
Thanks in advance, everyone!
--Ken
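An added illustration of the question above (this is editor-supplied example code, not part of Ken's post or any code he described): the single quote only matters when the password is pasted into the SQL text, so the practical answer is to stop building the query from strings and bind the values instead, after which no character needs to be rejected for SQL's sake. The schema, the sample users and the plaintext password column are constructed fixtures for the demo; a real login would compare against a salted hash.

```python
import sqlite3

# Constructed fixture: an in-memory table with two users. Plaintext
# passwords are used only so the two login functions can be compared.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('ken', 'h!-m0m')")
    conn.execute("INSERT INTO users VALUES ('alice', \"it's-a-secret\")")
    conn.commit()
    return conn


def login_concat(conn, username, password):
    """Vulnerable form: the query is assembled by string concatenation.

    Here the single quote, '--' comments and similar characters do matter,
    because they change the structure of the statement the database parses.
    """
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        # A legitimate quote in the password breaks the statement, which is
        # the symptom the poster is seeing from the character filter's angle.
        return None
    return row[0] if row else None


def login_param(conn, username, password):
    """Hardened form: values are bound as parameters.

    The database receives the SQL text and the values separately, so the
    values are never parsed as SQL. Any printable password works and an
    injection payload is just a password that does not match.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def password_ok(password, max_len=256):
    """Input validation that is still worth doing once queries are bound.

    Reject control characters (NUL, newlines, etc.) and absurd lengths;
    everything else is a policy question (minimum length, complexity), not
    an injection question. Hypothetical policy, not from the original post.
    """
    if not password or len(password) > max_len:
        return False
    return all(32 <= ord(ch) != 127 for ch in password)


if __name__ == "__main__":
    conn = make_db()
    print("param, real password:", login_param(conn, "ken", "h!-m0m"))
    print("param, injection   :", login_param(conn, "ken", "' OR '1'='1"))
    print("concat, injection  :", login_concat(conn, "ken", "' OR '1'='1"))
    print("concat, quote in pw:", login_concat(conn, "alice", "it's-a-secret"))
    print("param, quote in pw :", login_param(conn, "alice", "it's-a-secret"))
```

Run it and compare the two columns: the concatenated query lets `' OR '1'='1` in as anyone and fails alice's perfectly valid password, while the bound query accepts both real passwords and treats the payload as a wrong password. The same pattern applies to the username field, where a value such as `ken' --` comments the password check out of the concatenated query.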