input-sanitization

How to escape strings in MSSQL using PHP?

I'm looking for an alternative to mysql_real_escape_string() for MSSQL. Is addslashes() my best option, or is there another alternative function that can be used? Edit: An alternative for mysql_error() would also be useful. ...

Filtering user input in PHP

Hello guys, I am wondering if the combination of trim(), strip_tags() and addslashes() is enough to filter values of variables from $_GET and $_POST ...

How can I protect against SQL injection attacks using Perl's DBI?

Is there a function I can use in Perl to sanitize input before putting it into a MySQL db? I don't know regex very well, so before I make my own function I was wondering if there was already one made. ...

Is preg_match safe enough in input sanitization?

I'm building a new web app, LAMP environment... I'm wondering if preg_match can be trusted for user input validation (+ prepared stmt, of course) for all the text-based fields (aka not HTML fields; phone, name, surname, etc.). For example, for a classic 'email field', if I check the input like: $email_pattern = "/^([a-zA-Z0-9_\-\.]+)@...

PHP input sanitizer?

What are some good PHP HTML (input) sanitizers? Preferably, if something is built in, I'd like to use that. UPDATE: Per the request, via comments, input should not allow HTML (and obviously prevent XSS & SQL injection, etc.). ...

PHP solution to sanitize user formatted input and make XHTML Strict compliant

What are the best solutions for making user formatted input safe + script/flash free + XHTML Strict compliant? Tidy converts HTML to XHTML Strict. Any similar/alternative options that do this plus sanitize and remove embedded scripts and flash? ...