Well, as it turns out there is a ready-made fix to some of the horrid user-input-filtering problems I - and probably any PHP coder - encounter.
This morning was the first time I saw Rasmus Lerdorf speak and, although his views on web security make me want to give up coding in general and become a potato farmer more specifically, he did point out some tools that make it a lot harder for a malicious user to abuse any web app you write.
The pecl filter module contains ready-made data validation and input filtering functions that you can relatively easily stick on the top of any page that takes user input and impose some sanitation. Additionally, you can force a default filter on all GPC (GET, POST and cookie) vars, so that anything you forget to validate explicitly is at least escaped before your code sees it.
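To show what "sticking it on top of a page" looks like, here is an added example (mine, not from the post or the Zend tutorial) that validates a hypothetical form with the filter extension; the field names `age`, `email` and `comment` and the constructed input array are my assumptions, standing in for `$_POST` so the script runs from the command line.

```php
<?php
// Added example: per-field validation with the filter extension.
// Constructed input standing in for $_POST so this runs without a web server.
$input = [
    'age'     => '42abc',                           // not a clean integer
    'email'   => 'alice@example.com',
    'comment' => '<script>alert(1)</script> hello', // markup that must not be echoed raw
    'extra'   => 'ignored',                         // not in the definition, so dropped
];

// One filter per expected field. Validation filters return false on bad input,
// sanitising filters rewrite the value; keys not listed here are discarded.
$definition = [
    'age'     => ['filter'  => FILTER_VALIDATE_INT,
                  'options' => ['min_range' => 0, 'max_range' => 150]],
    'email'   => FILTER_VALIDATE_EMAIL,
    'comment' => FILTER_SANITIZE_SPECIAL_CHARS, // encodes < > & " ' as HTML entities
];

function cleanForm(array $raw, array $definition): array
{
    $clean = filter_var_array($raw, $definition);
    // A validation failure comes back as false; treat that as a hard reject
    // rather than silently continuing with a half-valid record.
    foreach (['age', 'email'] as $required) {
        if ($clean[$required] === false || $clean[$required] === null) {
            throw new InvalidArgumentException("Invalid or missing field: $required");
        }
    }
    return $clean;
}

try {
    var_dump(cleanForm($input, $definition));
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL; // here: 'age' fails because "42abc" is not an int
}

// The page's "default filter on all GPC vars" is the php.ini directive
//   filter.default = special_chars
// which escapes every GET/POST/COOKIE value before the script sees it; the
// original value is then only reachable via filter_input(..., FILTER_UNSAFE_RAW).
```

In a real handler you would read the fields with `filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT, ...)` instead of the constructed array; the filter constants and the rejection logic are the same.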
A short but helpful tutorial is available at http://devzone.zend.com/node/view/id/1113