sanitization

Sanitizing RSS input in Rails

Hello, I'm pulling in the RSS feed from Craigslist into a Rails app I'm building. When I try to insert content from the posts into my database, there are plenty of bad characters that cause the database to choke. I've tried a few different methods (the Sanitize plugin, hpricot, regexing the input) but nothing seems to work right. I'm ...

Invalid character string partly recognized? C++

BLUF: In this function, \' prompts the error message but not \?. Why? char key[] = "\a\b\f\n\r\t\v\\\'\"#%&*;:<>\?/{|}~"; if (strpbrk(*local_str, key) != NULL ) { vico_param_out->out_valid = false; AfxMessageBox("L'identifiant de numérisation est invalide. Vous avez saisi des caractères qui ne peuv...

Is this a safe/strong input sanitization function?

This is the sanitization function used in a book I recently learned from - Sams Teach Yourself Ajax, JavaScript, and PHP All in One. I've been using it on my own PHP site. Is it safe for real-world usage? function sanitizestring($var) { $var = strip_tags($var); $var = htmlentities($var); $var = stripslashes($var); return mysql_...

PHP solution to sanitize user formatted input and make XHTML Strict compliant

What are the best solutions for making user-formatted input safe + script/flash-free XHTML Strict compliant? Tidy converts HTML to XHTML Strict. Any similar/alternative options that do this plus sanitize and remove embedded scripts and flash? ...

How would you sanitize the street number out of a postal address using Java?

To ensure data privacy, I have to publish a list of addresses after removing the street numbers. So, for example: 1600 Amphitheatre Parkway, Mountain View, CA needs to be published as Amphitheatre Parkway, Mountain View, CA What's the best way to do this in Java? Does this require regex? ...

Filtering user input - clarification needed

I would like to clarify what is the proper way to filter user input with php. For example I have a web form that a user enters information into. When submitted the data from the form will be entered into a database. My understanding is you don't want to sanitize the data going into the database, except for escaping it such as mysql_esca...

What is a good method to sanitize the whole $_POST array in PHP?

I have a form with a lot of variables which is then sending an email; rather than sanitizing each $_POST value with filter_var($_POST['var'], FILTER_SANITIZE_STRING); I was after a simpler piece of code. I came up with the below, which seems to work, as I believe the default action is FILTER_SANITIZE_STRING, but I was just wondering ...

How to sanitize form params for use with Searchlogic? [Rails]

Example form <% form_for @search do |f| %> <ul> <li> <%= f.label :item_number_equals, "Item number" %><br /> <%= f.text_field :item_number_equals %> </li> <li> <%= f.label :description_keywords, "Description" %><br /> <%= f.text_field :description_keywords %> </li> <li> <%= f.check_box...

Sanitizing PHPSESSID

I'm passing PHPSESSID to a PHP page (via POST) and I was wondering what's the best way of sanitizing the input. Would mysql_real_escape_string suffice? Is there anything special I should take into account when dealing with session IDs (I mean, they can only be letters and numbers, right?)? EDIT: To clarify the question, what I really wan...

PHP: How to sanitize uploaded filenames?

I have a PHP application. I allow users to upload files to my web application. Question: What's the best way for me to sanitize the file names of the uploaded documents $_FILES["filename"]["tmp_name"] in PHP? UPDATE: Can I take an MD5 of the uploaded filename and use that as the newly assigned filename? If so, how do I do that in PH...

How can I selectively mask arbitrary data being sent over an insecure link?

I'm using an offsite error logging package for my python web application. When I send an error I include the contents of (among other things) the POST variable and some template data. Some of this data must not be sent to the error logging service (passwords, some other template data). How can I take a payload that consists of a mix of ...

Why is so much HTML input sanitization necessary?

I have implemented a search engine in C for my HTML website. My entire website is programmed in C. I understand that HTML input sanitization is necessary because an attacker can input these two HTML snippets into my search page to trick my search page into downloading and displaying foreign images/scripts (XSS): <img src="path-to-attack-site...

How should I sanitize user data when integrating with a REST API for registration and authentication?

I'm writing a Drupal module to integrate with a custom Java-based REST API for creating, authenticating, and managing user accounts. I'm using drupal_query_string_encode to encode the calls I'm making to the API. Should I also use something like check_plain (or something else) to sanitize username, password, & email values before callin...

How to sanitize user-generated HTML code in Ruby on Rails?

I am storing user-generated HTML code in the database, but some of the code is broken (without end tags), so this code will mess up the whole render of the page. How could I prevent this sort of behaviour with Ruby on Rails? Thanks ...

How to transform Source with invalid XML characters

Hi, I am working on a case where I need to clean invalid XML characters I receive from a SharePoint web service. I know fixing the source is the right thing to do; however, this issue has been reported back in 2008, and I have yet to find that Microsoft has released a patch for it. For now, I call the Web Service using the Provider inte...

PHP code to generate safe URL?

We need to generate a unique URL from the title of a book, where the title can contain any character. How can we search-replace all the 'invalid' characters so that a valid and neat-looking URL is generated? For instance: "The Great Book of PHP" www.mysite.com/book/12345/the-great-book-of-php "The Greatest !@#$ Book of PHP" www.my...

In Oracle: how can I tell if an SQL query will cause changes without executing it?

I've got a string containing an SQL statement. I want to find out whether the query will modify data or database structure, or if it will only read data. Is there some way to do this? More info: In our application we need to let the users enter SQL queries, mainly as part of the application's report system. These SQL queries should be al...

Cleaning and stripping of strings/HTML - Python

Hi folks, I have a set of questions to which I do not have an answer. 1) Stripping lists of string input: 'item1, item2, \t\t\t item3, \n\n\n \t, item4, , , item5, ' output: ['item1', 'item2', 'item3', 'item4', 'item5'] Anything more efficient than doing the following? [x.strip() for x in l.split(',') if x.strip()] 2) Clea...