[thelist] Form Security

DAVOUD TOHIDY dtohidy at hotmail.com
Tue Jul 20 09:35:03 CDT 2010

> Date: Tue, 20 Jul 2010 08:42:09 -0500
> From: codeacula at codeacula.com
> On Tue, Jul 20, 2010 at 8:27 AM, DAVOUD TOHIDY <dtohidy at hotmail.com> wrote:
> > I appreciate you and everybody who contributed to this. However I believe I would go with my original code that I posted. What I am interested in is receiving only the Alphabetical text without anything extra from the user.
> So, following your code, if I do:
> <?php echo(mysql_real_escape_string(strip_tags(stripslashes(htmlentities(trim("LOL!
> I'm gunna hax ur script! \\<script
> type='text/javascript'\\>alert('Bunghole!')</script>"))))));?>
> I get:
> LOL! I\'m gunna hax ur script! &lt;script
> type=\'text/javascript\'&gt;alert(\'Bunghole!\')&lt;/script&gt;
> Which, as you can see, contains far more than just "Alphabetical text".

That was an excellent explanation. Thanks a lot. I get your point. However what it is in the final result is a safe input that I can understand and that you haxed my script :)

The issue is that I am not a Hacker nor I am a geek in PHP. I am almost a recent graduate and practicing PHP.

I really don't know what a hacker can do. A hacker might be able to get some script from internet and pass by say htmlentities. Then the other ones will do that. I mean will protect the site.
I know for a really good hacker that does not mean much :) however I believe making it harder for script kiddies well worth it. What do you think?

Learn more ways to connect with your buddies now

More information about the thelist mailing list