I have a PHP website. My form page is validated through both PHP and JavaScript. The JavaScript makes a box appear on the page that says, “errors, etc. etc.” How do I limit the text areas to where no special characters are allowed? I’m not really that great with PHP so please over-explain your answers. Thanks.
May 22nd, 2009 at 9:09 am
You need to restrict your textarea to a certain pattern. For this you can use regular expressions. You should add regular expression validation of textarea contents to both client side and server side validation logic.
JavaScript has good regular expression support. You can find references for it here: http://www.regular-expressions.info/java…
On that same website, you can see how to use regular expressions with PHP. Also, you might need a general reference on regular expressions, which you can find here: http://www.regularexpression.info/
May 22nd, 2009 at 2:01 pm
If you are using PHP then:
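// $_GET replaces $HTTP_GET_VARS, which was removed in PHP 5.4
$theValue = $_GET["myFormVariable"];
// get_magic_quotes_gpc() exists only before PHP 8.0
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;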
get_magic_quotes_gpc() returns true/false if addslashes() has been turned on globally. If it hasn’t then do it manually each time.
addslashes() returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL.
This also seems to help with text box injection.
May 22nd, 2009 at 3:17 pm
To truly prevent SQL injection, you need to do it on the PHP side. Someone can always work around the JavaScript protections. You have a number of options on the PHP side of things, and you should probably implement a couple of them.
The most basic, if you are using PHP 5.1+, is to use PDO and prepared statements for all of your SQL statements. PDO is an abstraction layer that works with almost any database back end that PHP supports - http://us3.php.net/manual/en/ref.pdo.php
Another thing you should do is filter out all user entries (this includes cookies) using regular expressions. The most important filter you should add is the removal (or replacement) of quotes. If the quotes need to be included (for example, if the entry is supposed to take HTML that includes links) you will need to either slash them out (addcslashes()) or use PDO. You can also prevent cross site scripting by removing at least the
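
The two server-side measures from the answers above (a regular-expression allow-list for the text area and PDO prepared statements), as an added example that is not part of the original thread. The table, field names, allowed-character pattern and the in-memory SQLite database are assumptions; it needs the pdo_sqlite extension.

```php
<?php
// Added example: table, field names and the allowed-character pattern are assumptions.
declare(strict_types=1);

// Allow-list: letters, digits, whitespace and basic punctuation, 1 to 500 characters.
const COMMENT_PATTERN = '/\A[\p{L}\p{N}\s.,!?-]{1,500}\z/u';

function validateComment(string $raw): ?string
{
    $text = trim($raw);
    // preg_match() returns 1 on a match, 0 on no match, false on invalid UTF-8.
    return preg_match(COMMENT_PATTERN, $text) === 1 ? $text : null;
}

function saveComment(PDO $db, string $name, string $comment): int
{
    // Placeholders keep the values out of the SQL text, so quotes are stored as data.
    $stmt = $db->prepare('INSERT INTO comments (name, body) VALUES (:name, :body)');
    $stmt->execute([':name' => $name, ':body' => $comment]);
    return (int) $db->lastInsertId();
}

// In-memory SQLite stands in for the site's real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, name TEXT, body TEXT)');

// Constructed sample submissions, shaped like what would arrive in $_POST.
$samples = [
    ['name' => 'alice',   'comment' => 'Nice site, thanks!'],
    ['name' => 'bob',     'comment' => "' OR '1'='1"],
    ['name' => "O'Brien", 'comment' => 'Works for me.'],
];

foreach ($samples as $post) {
    $comment = validateComment($post['comment']);
    if ($comment === null) {
        echo "rejected: special characters in comment from {$post['name']}\n";
        continue;
    }
    $id = saveComment($db, $post['name'], $comment);
    echo "stored row $id for {$post['name']}\n";
}

// The name O'Brien contains a quote, yet it round-trips intact with no escaping calls.
$rows = $db->query('SELECT name, body FROM comments ORDER BY id')->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    echo "{$row['name']}: {$row['body']}\n";
}
```

The pattern check answers the "no special characters" requirement for the text area, while the prepared statement is what keeps a legitimately quoted value such as a surname from altering the query.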