Cleaning input enough?
Input validation is a known issue, but while writing some PHP code today I wrote the following, and I’m wondering if I forgot something. It is only meant to make sure no uncleansed variable enters a switch statement, for example.
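<?php
// Accept the action only if it is a string (not an array such as action[]=x)
// and stripping every character outside a-z, A-Z, 0-9 and '-' changes nothing.
if (isset($_POST['action']) && is_string($_POST['action']))
    if (preg_replace("/[^a-zA-Z0-9-]/i", "", $_POST['action']) === $_POST['action'])
        $page_action = $_POST['action'];
    else
        $page_action = '';
else
    $page_action = '';
switch ($page_action) {
...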
For now, I need to check that no $_POST variable enters the code unchecked before I put the code online. This also includes variables for SQL statements to eliminate SQL injections.
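The check above, extended into a reusable helper and run over a few inputs; this is an added example, not code from the original post. The function name `clean_action`, the list of allowed actions and the 32-character length cap are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return the requested action if it is one of $allowed, otherwise ''.
 * Hypothetical helper for illustration; name and signature are assumptions.
 */
function clean_action(array $input, string $key, array $allowed): string
{
    // Missing key, or an array sent as action[]=x: reject before any
    // string function sees it.
    if (!isset($input[$key]) || !is_string($input[$key])) {
        return '';
    }
    $value = $input[$key];

    // Character check as in the post: letters, digits and hyphen only.
    // \A and \z anchor to the real start and end, so "list\n" does not pass.
    // The 1..32 length bound is an assumed limit.
    if (preg_match('/\A[a-zA-Z0-9-]{1,32}\z/', $value) !== 1) {
        return '';
    }

    // A switch has a fixed set of cases, so compare against that set,
    // using strict comparison to avoid type juggling.
    return in_array($value, $allowed, true) ? $value : '';
}

// Constructed sample inputs standing in for $_POST.
$allowed = ['list', 'edit', 'delete'];   // assumed case labels of the switch
$samples = [
    ['action' => 'edit'],                // valid
    ['action' => '../edit'],             // disallowed characters
    ['action' => "list\n"],              // trailing newline
    ['action' => ['edit']],              // array instead of string
    ['action' => 'export'],              // well-formed but not a known action
    [],                                  // parameter missing
];

foreach ($samples as $post) {
    $page_action = clean_action($post, 'action', $allowed);
    printf("%-28s => '%s'\n", json_encode($post), $page_action);
}
```

Only the first sample yields a non-empty `$page_action`; every other input falls through to the empty string and therefore to the switch's default branch.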