securing forms from malicious code
What is the standard web practice to prevent malicious code being executed within a form? Would you have some server-side code to check for particular characters? If so, what characters need to be blocked?
Mark Hensler posted this at 17:20 — 28th October 2002.
What kind of malicious code? If you're worried about people trying to pass PHP code to execute, just don't eval() anything from the form. If you're worried about JavaScript (like in a guestbook), you should strip all HTML tags.
Mark Hensler
If there is no answer on Google, then there is no question.
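The guestbook case from the reply above, as an added example that is not part of the original thread: form values are only ever handled as strings (never passed to eval()), tags are stripped before storage, and the text is HTML-escaped again when it is written into the page. The function names and the sample submission are constructed for illustration, the output escaping with htmlspecialchars() goes one step beyond the tag stripping the reply mentions, and the mbstring extension is assumed to be loaded.

```php
<?php
// Added example: guestbook entry handling. Names and sample data are constructed.

// Clean one submitted field before it is stored.
// The value is treated purely as text; it is never evaluated or included as code.
function clean_guestbook_field(string $raw, int $maxLen = 500): string
{
    $text = strip_tags($raw);   // drop every HTML tag, including <script> and tags carrying event handlers
    $text = trim($text);
    // Cap the length on character boundaries (assumes the mbstring extension).
    return mb_substr($text, 0, $maxLen, 'UTF-8');
}

// Build the HTML for one entry. Escaping happens here, at output time,
// so characters such as &, " and > are displayed as text rather than parsed as markup.
function render_guestbook_entry(string $name, string $message): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;   // escape both quote styles, replace invalid byte sequences
    $n = htmlspecialchars($name, $flags, 'UTF-8');
    $m = nl2br(htmlspecialchars($message, $flags, 'UTF-8'));
    return "<div class=\"entry\"><strong>{$n}</strong><p>{$m}</p></div>";
}

// Constructed submission standing in for $_POST.
$post = [
    'name'    => 'Alice <b onmouseover="x()">A</b>',
    'message' => "Nice site!<script>alert(1)</script>\n5 > 3 & \"quotes\" stay readable",
];

// Only read the fields the form is expected to send; ignore anything else.
$name    = clean_guestbook_field($post['name'] ?? '', 60);
$message = clean_guestbook_field($post['message'] ?? '');

if ($name === '' || $message === '') {
    echo "Both name and message are required.\n";
} else {
    echo render_guestbook_entry($name, $message), "\n";
}
```

strip_tags() removes the tags but keeps the text between them, so the script body is stored as plain characters; the escaping in render_guestbook_entry() is what keeps the remaining `&`, `"` and `>` from being read as markup.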