[thelist] Form Security

DAVOUD TOHIDY dtohidy at hotmail.com
Tue Jul 20 09:35:03 CDT 2010




> Date: Tue, 20 Jul 2010 08:42:09 -0500
> From: codeacula at codeacula.com
> 
> On Tue, Jul 20, 2010 at 8:27 AM, DAVOUD TOHIDY <dtohidy at hotmail.com> wrote:
> > I appreciate you and everybody who contributed to this. However I believe I would go with my original code that I posted. What I am interested in is receiving only the Alphabetical text without anything extra from the user.
> So, following your code, if I do:
>
> <?php echo(mysql_real_escape_string(strip_tags(stripslashes(htmlentities(trim("LOL!
> I'm gunna hax ur script! \\<script
> type='text/javascript'\\>alert('Bunghole!')</script>"))))));?>
>
> I get:
> LOL! I\'m gunna hax ur script! &lt;script
> type=\'text/javascript\'&gt;alert(\'Bunghole!\')&lt;/script&gt;
> 
> Which, as you can see, contains far more than just "Alphabetical text".

That was an excellent explanation. Thanks a lot. I get your point. However, what is in the final result is a safe input that I can understand, and that you haxed my script :)

The issue is that I am not a hacker, nor am I a geek in PHP. I am almost a recent graduate, and I am practicing PHP.

I really don't know what a hacker can do. A hacker might be able to get some script from the internet and get past, say, htmlentities. Then the other ones will do that; I mean, they will protect the site.
I know that for a really good hacker that does not mean much :), however I believe making it harder for script kiddies is well worth it. What do you think?

 		 	   		  
_________________________________________________________________
Learn more ways to connect with your buddies now
http://go.microsoft.com/?linkid=9734388
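The thread contrasts a chain of sanitizers (trim, htmlentities, stripslashes, strip_tags, mysql_real_escape_string) with the stated goal of accepting "only Alphabetical text". The example below is added here and is not code from either poster: it shows the allow-list validation that actually meets that goal next to the quoted chain, run over constructed inputs including a copy of the payload from the quoted reply. The function names (validateAlphabetic, sanitizerChain, renderAsHtml) and the sample strings are assumptions made for this example; mysql_real_escape_string is left out of the reproduced chain because it needs a live MySQL connection and was removed in PHP 7.

```php
<?php
// Added example, not from the thread. Validate against an allow-list
// instead of trying to "clean" arbitrary input with chained sanitizers.

declare(strict_types=1);

/**
 * Accept only letters A-Z / a-z, optionally as words separated by single
 * spaces. Returns the trimmed value on success and null on failure.
 * Rejecting is easier to reason about than sanitizing: anything outside
 * the allow-list never enters the application at all.
 */
function validateAlphabetic(string $raw, int $maxLen = 100): ?string
{
    $value = trim($raw);
    if ($value === '' || strlen($value) > $maxLen) {
        return null;
    }
    // Anchored pattern; the D modifier stops a trailing newline from
    // slipping past the $ anchor.
    if (!preg_match('/^[A-Za-z]+(?: [A-Za-z]+)*$/D', $value)) {
        return null;
    }
    return $value;
}

/**
 * The sanitizer chain from the quoted reply, minus mysql_real_escape_string.
 * Kept only to show what it leaves behind: entity-encoded text, not
 * alphabetic text.
 */
function sanitizerChain(string $raw): string
{
    return strip_tags(stripslashes(htmlentities(trim($raw))));
}

/** Output encoding belongs at the HTML boundary, whatever validation did. */
function renderAsHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs (assumed for this example), including a copy
// of the payload quoted in the thread.
$samples = [
    "Davoud",
    "Hello World",
    "LOL! I'm gunna hax ur script! <script type='text/javascript'>alert('Bunghole!')</script>",
    "abc\n",     // trailing newline: trim() removes it, so accepted
    "abc\ndef",  // embedded newline: rejected
    "O'Brien",   // apostrophe is outside the allow-list: rejected
];

foreach ($samples as $input) {
    $ok = validateAlphabetic($input);
    printf("%s\n", json_encode($input));
    printf("  allow-list : %s\n", $ok === null ? 'REJECTED' : 'accepted: ' . renderAsHtml($ok));
    printf("  chain keeps: %s\n", sanitizerChain($input));
}
```

Run with `php example.php`. The payload is rejected outright by the allow-list, while the chain returns it with `<`, `>` and quotes entity-encoded, which is exactly the "far more than just alphabetical text" the quoted reply points out. Whether input is validated or not, the HTML encoding still happens once, at output time, rather than being mixed into the input handling.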

