Author Topic: Sanitizing Data  (Read 18954 times)

Offline RustyBarnacle

Sanitizing Data
« on: January 30, 2009, 01:35:05 PM »
I was wondering if there was a tutorial somewhere on this.

I'd never heard of it until I asked about how much security is looked into when someone submits a mod. My mod has a lot of forms in it and while I don't think I'd open a security risk, I'm not sure. I say that because the users only get to fill in check boxes and it's the admins that have the textareas and such. So if only the admin has a textarea, I'm hoping I wouldn't open a hole.

If someone could point me in the right direction that would be great.

Offline karlbenson

Re: Sanitizing Data
« Reply #1 on: January 31, 2009, 05:25:37 AM »
Anything submitted by users should be checked / stripped / made safe.

Any checkboxes should be checked to make sure that they are 1 or 0.
Any ints cast as integers,
e.g. $var = (int) $var
and checked that they are between your valid ranges, e.g. can it be negative, can it be 99999999999?

Any text fields: between valid lengths, HTML and JavaScript and other bad code removed,
chars converted to HTML-safe versions, e.g. < to &lt; with htmlentities();

If on 1.1.x, you need to escape chars that could result in SQL injection (like single, double quotes).
If on 2.x, the new query functions will do the escaping.
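
The checklist above, worked through as an added PHP example (not code from this thread or from SMF itself): the field names, the limits, and the settings table are assumptions, and the final query uses the SMF 2.x $smcFunc['db_query'] typed placeholders so the query function does the SQL escaping.

```php
<?php
// Added example, not from the thread or the SMF codebase. The form fields
// ('enabled', 'max_items', 'title'), their limits and the table name are
// illustrative assumptions.

function sanitize_mod_form(array $input)
{
    $clean = array();
    $errors = array();

    // Checkbox: only ever 1 or 0, whatever the browser actually submitted.
    $clean['enabled'] = !empty($input['enabled']) ? 1 : 0;

    // Integer: cast first, then check it lies inside the range the mod expects
    // (no negatives, no absurdly large values).
    $clean['max_items'] = isset($input['max_items']) ? (int) $input['max_items'] : 0;
    if ($clean['max_items'] < 1 || $clean['max_items'] > 500)
        $errors[] = 'max_items must be between 1 and 500';

    // Text: trim, reject over-length input instead of silently truncating,
    // strip tags, then HTML-encode including quotes so it is safe to echo.
    $title = isset($input['title']) ? trim($input['title']) : '';
    if (strlen($title) > 80)
        $errors[] = 'title is too long';
    $title = strip_tags($title);
    $clean['title'] = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');

    return array('clean' => $clean, 'errors' => $errors);
}

$result = sanitize_mod_form($_POST);
if (!empty($result['errors']))
    fatal_error(implode('; ', $result['errors']), false); // SMF's own error helper

$clean = $result['clean'];

// SMF 2.x: typed placeholders ({int:...}, {string:...}) are escaped by the
// query function, so no quote-escaping by hand is needed here.
$smcFunc['db_query']('', '
    UPDATE {db_prefix}mymod_settings
    SET enabled = {int:enabled}, max_items = {int:max_items}, title = {string:title}
    WHERE id_setting = {int:id}',
    array(
        'enabled' => $clean['enabled'],
        'max_items' => $clean['max_items'],
        'title' => $clean['title'],
        'id' => 1,
    )
);
```

On 1.1.x the same validation applies, but the quotes in the text value have to be escaped before the string is spliced into the query, as the reply notes.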

Offline RustyBarnacle

Re: Sanitizing Data
« Reply #2 on: February 01, 2009, 01:18:42 AM »
Thanks!

So much for being almost done; apparently I need to secure it now. :)