Questions tagged [sanitization]

Data sanitization to prevent code injection

Data sanitization is used to prevent code injection problems through secure input and output handling, such as:

  1. Input validation
  2. Selective input inclusion/exclusion
  3. Escaping dangerous characters. For instance, in PHP, using the htmlspecialchars() function (converts HTML tags to their ISO-8859-1 equivalents) and/or the strip_tags() function (completely removes HTML tags) for safe output of text in HTML, and mysql_real_escape_string() to isolate data that will be included in an SQL request, to protect against SQL injection.
  4. Input encoding
  5. Output encoding
  6. Other coding practices that are not prone to code injection vulnerabilities, such as "parameterized SQL queries" (also known as "prepared statements" and sometimes "bound variables" or "bound values").
  7. Modular shell disassociation from kernel
1083 questions
-3 votes · 1 answer

Do I need to sanitize the code if I am using eval()?

I am storing forms as well as the form processing scripts, JavaScript validation scripts and form CSS in the database. I am using eval() for PHP code, so my question is: do I need to use htmlspecialchars(), htmlentities()? Anyway, I am using…
Random Guy · 2,878
-4 votes · 1 answer

PDO secure ways to keep code safe from SQL injections, but using Kali can still inject

I have googled and searched for sanitizing user-posted data and found a lot of examples and functions, but I haven't yet found any solution which helps me resolve my confusion. My question is: what is basically done in the following PHP…
Abdul Rahman · 1,669
-4 votes · 2 answers

Best way for string sanitization in PHP

What is the best way to sanitize this string to prevent SQL injection? $order_by_str = 'dest ASC'; EDIT $whitelist = array('start','target','exec'); if ( in_array( $order_by, $whitelist ) ) { $order_by_str = $order_by; } else { …
The Masta · 837