WebApp Sec mailing list archives

PHP variable sanitization functions


From: "Gavin Zuchlinski" <gzuchlinski () pgsit org>
Date: Sun, 24 Aug 2003 19:52:26 -0400

Hello list,
I wrote a couple of sanitization routines that are better suited for certain
situations (arguments to system(), variables in SQL, paranoid, etc...) for
everyone to use. Everything is based off of some simple regular expressions
so it should be pretty portable to other languages.
Now please help me make these functions a little bit better and more
versatile :-).  Let me know all the ways to break this to still do nasty
things that these routines are meant to stop, and also if sanitization
breaks anything.
Finally.... http://libox.net/sanitize.php

-Gavin Zuchlinski
http://libox.net/



