[FX.php List] [OFF] Filemaker Web Security?
Joel Shapiro
jsfmp at earthlink.net
Sat Sep 6 12:48:29 MDT 2008
Hi Dale

I thought using UTF-8 was enough to deal with pasted-in text, e.g. w/
curly quotes. It seemed to have been sufficient on one of my pages
where people were pasting from Word.

What function(s) do you use to "wash the data"?

-Joel

On Sep 5, 2008, at 6:12 PM, Dale Bengston wrote:

> Yes. Besides the malicious use of "SQL injections" and such, people
> copy text from Word files, emails, and just about everywhere else
> and paste it in your input fields. (This is a good thing - people
> shouldn't have to re-type.) If they have curly quotes, or other
> high-ASCII stuff, and their document uses different encoding than
> your site, weird things can result. Better to catch it and wash the
> data before it hits your tables.
>
> Dale
>
> On Sep 5, 2008, at 2:21 PM, Joel Shapiro wrote:
>
>> As to my question "Do people here do that on *all* submittable
>> fields?...", the "that" I'd meant was filtering the fields in PHP
>> before submission to FM, e.g. using htmlentities(), strip_tags(),
>> etc. Do people do *that* on all submittable fields?
>
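
The encoding mismatch discussed in this thread, as an added example that is not part of the original messages and not FX.php code: pasted bytes that are not valid UTF-8 are converted before storage, and HTML escaping is done with htmlspecialchars() when the value is displayed. The helper names `wash_input()` and `e()` are hypothetical, and treating invalid input as Windows-1252 is an assumption about where the text was pasted from.

```php
<?php
// Added example. wash_input() and e() are hypothetical helper names.

// Normalise one submitted field to valid UTF-8 before it is stored.
function wash_input(string $raw, int $maxLen = 1000): string
{
    // 1. Bytes that are not valid UTF-8 are ASSUMED to be Windows-1252
    //    (typical for text pasted from Word on Windows) and converted.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        $raw = mb_convert_encoding($raw, 'UTF-8', 'Windows-1252');
    }

    // 2. Remove control characters, keeping tab, LF and CR.
    $clean = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $raw);
    if ($clean === null) {
        return ''; // regex engine rejected the input; store nothing
    }

    // 3. Trim and enforce a length limit counted in characters, not bytes.
    return mb_substr(trim($clean), 0, $maxLen, 'UTF-8');
}

// Escape at output time so the database keeps the text as the user typed it.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample: a Windows-1252 curly apostrophe (byte 0x92),
// an HTML tag and a stray NUL byte.
$pasted = "It\x92s <b>here</b>\x00";

$stored = wash_input($pasted);            // valid UTF-8, NUL removed
echo bin2hex($pasted), "\n";              // raw bytes as submitted
echo bin2hex($stored), "\n";              // bytes that would be stored
echo e($stored), "\n";                    // safe to place in an HTML page
```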