Frida k

Reputation: 41

Regex to make sure input is safe. No script injections, HTML etc.?

I'm looking for a regex to make sure nobody hacks stuff I don't want into a guestbook I made in PHP, such as scripts, SQL injections, HTML, etc. But I still want the users to be able to use as many chars as they can (e.g. :)(/?!.,"&-_) without making the site less safe.

Any ideas of how that regex would look?

Upvotes: 0

Views: 335

Answers (2)

John

Reputation: 87

Use PDO or MySQLI with prepared and bound statements. If you do it right, you won't need to worry about Regex - unless you really want to go over-kill with security ;)

Upvotes: 1

thatidiotguy

Reputation: 9011

htmlspecialchars($output)

Note that htmlspecialchars helps prevent XSS, not SQL injection. To prevent SQL injection, use prepared statements. To prevent CSRF, you can do a little research.

Upvotes: 3
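Both answers together describe the approach: bind the visitor's text as a parameter on the way into the database, and escape it for HTML on the way out, with no input-filtering regex at all. The following PHP is an added example written here, not code from the asker or either answerer; it assumes an in-memory SQLite database as a stand-in for the guestbook's real table so that it runs stand-alone.

```php
<?php
// Added example (not from the question or either answer): a minimal PHP
// guestbook store that follows both answers at once. Writes go through a
// PDO prepared statement with bound parameters (against SQL injection);
// reads are escaped with htmlspecialchars() at output time (against XSS).
// The in-memory SQLite database is a constructed stand-in for the real one.
declare(strict_types=1);

function openGuestbook(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, name TEXT NOT NULL, message TEXT NOT NULL)');
    return $pdo;
}

// Store whatever the visitor typed, unchanged. The SQL text is fixed; the
// values travel as bound parameters and cannot alter the statement, so the
// quotes, semicolons and brackets the asker wants to allow need no filtering.
function addEntry(PDO $pdo, string $name, string $message): void {
    $stmt = $pdo->prepare('INSERT INTO guestbook (name, message) VALUES (:name, :message)');
    $stmt->execute([':name' => $name, ':message' => $message]);
}

// Escape at the point of output, for the HTML context the value lands in.
// ENT_QUOTES covers both quote styles so the value is also safe inside an
// attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function renderEntries(PDO $pdo): string {
    $html = "<ul>\n";
    foreach ($pdo->query('SELECT name, message FROM guestbook ORDER BY id') as $row) {
        $name = htmlspecialchars($row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $message = htmlspecialchars($row['message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= "  <li><strong>$name</strong>: $message</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed inputs: the ordinary punctuation from the question, a name
// containing a quote, and a message containing markup. All three are stored
// verbatim and rendered as visible text rather than as SQL or HTML.
$pdo = openGuestbook();
addEntry($pdo, 'Frida', 'Nice site :)(/?!.,"&-_');
addEntry($pdo, "O'Brien", "It's great; <3");
addEntry($pdo, '<b>bold</b>', '<i>tags</i> stay as text');

echo renderEntries($pdo);
```

If the real database is MySQL, the same two functions apply unchanged apart from the DSN; the regex the question asks for is not needed in either place.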
