| SvavarL | 2007-01-28 21:16:00 |
Posts: 11 Topics participated: 9 Topics started: 2 First post: 2006-10-16 00:17:00 Last post: 2007-08-29 15:24:00 |
This mod is supposed to be a security enhancement and verifies whether the supplied strings really contain what they should contain. For example, it verifies whether a string *really* contains a number and not something else in addition. It is very good to use such caution if you are dealing with user input that can influence SQL statements or can cause critical damage. In my opinion mysql_real_escape_string is not enough, as it only escapes certain characters and there are still possibilities that a string is sent with a SQL statement that is not as intended (like normal alphabet characters where there should be only a number). Note that this function is useful in certain cases, but not all.

The verifystring function verifies roughly whether certain formats are kept and executes the die command if it finds anything that is not supposed to be there.

Guide to where this function should and should not be placed:

- Should be used on the line before the command that uses that variable.
- If that variable is changed or could be changed, place it after the command but before the variable is used again. If it is not used again, there is no need to verify it again.
- Not to be used for functions that use data straight from integer columns in SQL, unless that data is used to calculate or change other variables (like math formulas and "id" column data).
- Should not be used for big text fields with no special restrictions on certain characters, like forum posts. Use mysql_real_escape_string instead.

This function is supposed to be as secure as possible, but I'm not perfect. Therefore I place it under your review so you can check it out and/or maybe help make it better, as there could be something I have forgotten or not bothered to do.

Notes:

1. I did not use any regular expression code because I would like to keep this code as PHP-module independent as possible.
2. Some places use "older functions" rather than the new ones so it can be used in older PHP versions (the aim was PHP 4, although I use PHP 5 myself).
3. The e-mail domain-part verification (checkdnsrr) depends on functions not compatible with the Windows versions of PHP. You might want to leave them out or change them for code that works on the Windows platform if you are aiming to use this on Windows.
4. The "die()" functions are not executed inside the verifystring function, as that would just stop the function and not the whole code, and would therefore still execute the rest of it.
5. I don't know exactly why I developed the md5 function, but I figured some people would like to have it.
6. If you really don't want the whole script to die, you can change "die($verifystring);" to "bark($verifystring);", but that is not recommended (if somebody is really breaking into your site, you don't really need them to finish executing the PHP code).

This snippet can be placed anywhere in include/bittorrent.php, but I suggest right below the line "" at the top.

```php
/* $verifystring = verifystring($string_to_verify,$type); if($verifystring !== TRUE)
```
Verify strings (security)
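An added example written for this page, not the mod's own code (the post above does not reproduce it): a `verifystring()` in the style the post describes. It whitelists each value against the exact shape its type allows, uses only core string functions (no PCRE module), returns `TRUE` on an exact match and a message string otherwise, and leaves the `die()` to the caller so that the whole script stops. The type names (`id`, `int`, `md5`, `username`, `email`), the per-type rules and lengths, and the optional `$check_dns` parameter (guarded with `function_exists` so it is skipped where `checkdnsrr` is unavailable, as on older Windows builds of PHP) are assumptions of this example, not something taken from the mod.

```php
<?php
// Added example, not the mod's code: strict type-whitelist validation with core
// string functions only. Returns TRUE on an exact match, otherwise a message.
// Type names, per-type rules and the $check_dns flag are assumptions made here.
function verifystring($string, $type, $check_dns = false)
{
    if (!is_string($string)) {
        return "verifystring: expected a string for type '$type'";
    }
    $digits = '0123456789';
    $alpha  = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

    switch ($type) {
        case 'id':  // unsigned integer for a numeric column: non-empty, digits only
            if ($string === '' || strspn($string, $digits) !== strlen($string)) {
                return "verifystring: '$type' must contain digits only";
            }
            return TRUE;

        case 'int': // signed integer: optional leading minus, then digits only
            $body = (substr($string, 0, 1) === '-') ? (string) substr($string, 1) : $string;
            if ($body === '' || strspn($body, $digits) !== strlen($body)) {
                return "verifystring: '$type' must be a whole number";
            }
            return TRUE;

        case 'md5': // exactly 32 hexadecimal characters, nothing else
            if (strlen($string) !== 32 || strspn($string, $digits . 'abcdefABCDEF') !== 32) {
                return "verifystring: '$type' must be 32 hex characters";
            }
            return TRUE;

        case 'username': // 3 to 20 characters from letters, digits, '_' and '-'
            $len = strlen($string);
            if ($len < 3 || $len > 20 || strspn($string, $alpha . $digits . '_-') !== $len) {
                return "verifystring: '$type' has a bad length or forbidden characters";
            }
            return TRUE;

        case 'email': // local@domain, conservative character set for each part
            $at = strpos($string, '@');
            if ($at === false || $at === 0 || $at !== strrpos($string, '@')) {
                return "verifystring: '$type' needs exactly one '@'";
            }
            $local  = substr($string, 0, $at);
            $domain = (string) substr($string, $at + 1);
            if (strspn($local, $alpha . $digits . '._%+-') !== strlen($local)) {
                return "verifystring: '$type' local part has forbidden characters";
            }
            $labels = explode('.', $domain);
            if (count($labels) < 2) {
                return "verifystring: '$type' domain needs at least one dot";
            }
            foreach ($labels as $label) {
                $l = strlen($label);
                if ($l === 0 || $l > 63 || strspn($label, $alpha . $digits . '-') !== $l
                    || $label[0] === '-' || $label[$l - 1] === '-') {
                    return "verifystring: '$type' domain label '$label' is malformed";
                }
            }
            // Optional DNS check; skipped where checkdnsrr does not exist.
            if ($check_dns && function_exists('checkdnsrr')
                && !checkdnsrr($domain, 'MX') && !checkdnsrr($domain, 'A')) {
                return "verifystring: '$type' domain has no MX or A record";
            }
            return TRUE;

        default: // unknown type: fail closed instead of letting the value through
            return "verifystring: unknown type '$type'";
    }
}

// Constructed sample inputs for a quick self-check (in the tracker these would be
// $_GET / $_POST values). Each line shows the value and whether it was accepted.
$checks = array(
    array('42', 'id'),            array('42abc', 'id'),
    array('-7', 'int'),           array('-', 'int'),
    array(md5('x'), 'md5'),       array("user' OR 1=1 -- ", 'username'),
    array('bob@example.com', 'email'), array('bob@@example.com', 'email'),
);
foreach ($checks as $c) {
    $r = verifystring($c[0], $c[1]);
    echo str_pad($c[1], 9), var_export($c[0], true), ' => ', ($r === TRUE ? 'ok' : $r), "\n";
}

// Placement as the post advises: verify on the line before the value is used,
// and stop the whole script on failure.
// $verifystring = verifystring($_GET['id'], 'id');
// if ($verifystring !== TRUE) die($verifystring);
```

The point of returning a message rather than calling `die()` inside the function is the same one the post makes: the caller decides what to do, and `die($verifystring)` at the call site halts the script before the tainted value reaches a query. Validation of this kind narrows the value to its expected shape; it is a complement to, not a replacement for, escaping or parameterising the text that does reach SQL.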