WebApp Sec mailing list archives
Re: Anyone have some basic security tips for PHP-programmers?
From: Härnhammar, Ulf <Ulf.Harnhammar.9485 () student uu se>
Date: Sun, 23 Nov 2003 18:36:46 +0100
Thus spoke Tommy Gildseth <tommy () akili no>:
> Yes, but none of your examples overlap with the piece of code I was commenting on. I.e., the original code doesn't solve any of the problems you have described here.
OK, I suppose I was making a general comment about magic quotes instead of commenting on A. Binder's code.
> As far as I have experienced, it's not a problem to ignore whether magic quotes is on or not. Just act as if they are not.
Well, it's not a security problem, but as Tim Oliver just pointed out, it's irritating with applications that add lots of extra slashes here and there. You type in "Tommy Gildseth's mailinglist post" and they display it as "Tommy Gildseth\'s mailinglist post". It's ugly.

This is what I do in PHP:

    // Undo the one layer of slashes that magic quotes added
    if (get_magic_quotes_gpc()) {
        $name = stripslashes($name);
        $phone = stripslashes($phone);
    }

I.e., if magic quotes are on, you strip one layer of slashes from all user data. If magic quotes are off, you don't strip any slashes, because they are typed in by the user, and should be left alone. You then have all data in their original form, which of course has to be processed before the data is included in web pages, SQL statements, e-mail messages and so on.

(Lots of Scandinavians on this list for some reason..)

--
Ulf Härnhammar, student, Uppsala universitet
"I am a dubious character / Not good for much" -- Cornelis Vreeswijk, "Somliga går med trasiga skor"
Uggs != Cmectbb
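The approach described in the message above, carried through to the "processed before the data is included" step, as an added example that is not part of the original post. The helper names strip_one_layer() and original_form(), the sample input and the in-memory SQLite table are assumptions made for illustration; the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example, not code from the thread. Helper names and sample data are constructed.

// Strip exactly one layer of slashes, recursing into array parameters
// (a request such as tags[]=... arrives as a nested array).
function strip_one_layer($value) {
    return is_array($value)
        ? array_map('strip_one_layer', $value)
        : stripslashes($value);
}

// Return request data in its original form, whatever the server setting.
// The setting is passed in as a flag so this runs on any PHP version; on an
// old installation the caller would pass get_magic_quotes_gpc(), which was
// removed from the language in PHP 8.0.
function original_form(array $input, $magic_quotes_on) {
    return $magic_quotes_on ? strip_one_layer($input) : $input;
}

// Constructed input: what the script receives when magic quotes are on.
$raw = array(
    'name' => "Tommy Gildseth\\'s mailinglist post",
    'tags' => array("O\\'Brien"),
);
$data = original_form($raw, true);

// HTML context: encode at output time, for the place the value lands in.
echo htmlspecialchars($data['name'], ENT_QUOTES, 'UTF-8'), "\n";

// SQL context: bind the original value as a parameter, so no slashes are
// ever needed in the statement text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (name TEXT)');
$stmt = $db->prepare('INSERT INTO posts (name) VALUES (?)');
$stmt->execute(array($data['name']));

// What was stored is the text as typed, with no stray backslash.
echo $db->query('SELECT name FROM posts')->fetchColumn(), "\n";
```

Normalising once at the point of input keeps each later step free to apply the encoding that its own context needs, without guessing how many layers of slashes are already present.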