Tips and PHP code examples of how to sanitize your user input

From the article:

How to sanitize your php input

Never trust user input: it may be malicious, so always check your PHP input.

Check all global arrays like $_GET, $_POST, $_REQUEST and $_COOKIE: allow only known variables and make sure that they contain the right type of data.

What does this mean? It means that if you have a $_GET['id'] variable in your script which has to be an integer, always check it and make sure it is an integer.

Also don't allow other variables in $_GET or other globals; keep only the variables that your scripts need. So, if your script only uses one variable, $_GET['id'], then dispose of the other variables. Here is how I do it.
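As an added example (not the article's own code), the following PHP implements the two rules above: only whitelisted keys survive in the superglobal, and each surviving value is validated and cast to its expected type with filter_var(). The key names and validation rules are assumptions for the sake of the example.

```php
<?php
// Added example: whitelist and type-check a superglobal such as $_GET.
// Each allowed key maps to a filter_var() rule; everything else is discarded.

/**
 * Return a new array containing only the keys listed in $rules.
 * A key is dropped when it is absent, when it is an array where a scalar
 * is expected, or when its value fails the configured validation filter.
 */
function sanitize_input(array $input, array $rules): array
{
    $clean = [];
    foreach ($rules as $key => $rule) {
        if (!array_key_exists($key, $input) || is_array($input[$key])) {
            continue; // missing, or ?id[]=1 style array smuggling
        }
        $value = filter_var($input[$key], $rule['filter'], $rule['options'] ?? []);
        if ($value === false || $value === null) {
            continue; // failed validation: treat as if it was never sent
        }
        $clean[$key] = $value; // already cast to the validated type
    }
    return $clean;
}

// Assumed rules for this script: 'id' must be a positive integer and
// 'sort' must be a short lowercase slug; no other keys are accepted.
$rules = [
    'id'   => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['options' => ['min_range' => 1]],
    ],
    'sort' => [
        'filter'  => FILTER_VALIDATE_REGEXP,
        'options' => ['options' => ['regexp' => '/^[a-z_]{1,20}$/']],
    ],
];

// Constructed sample request: a valid id, a tampered sort value and an
// unexpected key. Replacing $_GET ensures later code can only see clean data.
$_GET = ['id' => '42', 'sort' => "name' OR 1=1", 'debug' => '1'];
$_GET = sanitize_input($_GET, $rules);

var_dump($_GET);
```

After sanitizing, $_GET['id'] is an int rather than a string, and any key the script did not declare is simply gone, so downstream code cannot accidentally rely on it.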


~ by WPA Staff on February 2, 2010.

One Response to “Tips and PHP code examples of how to sanitize your user input”

  1. […] ========================= We are not claiming to be the original source of this post, some links might be automatically be removed, so see the original story at: howto « WordPress.com Tag Feed […]
