[FX.php List] [ OFF ] Getting to PCI compliance
David W. Vaklyes
dwv-fmp at wmc-worldwide.com
Sat May 21 07:26:08 MDT 2011
I use this function:
function confHtmlEnt($data)
{
$text = strip_tags ($data);
return htmlentities($text, ENT_QUOTES, 'UTF-8');
}
to remove all tags and replace any remaining codes with HTML entities
Then I use:
if (isset($_POST)) {
$cleanPost = array_map('confHtmlEnt', $_POST);
}
to clean all the $_POST variables, an a similar one to clean the $_GET variables.
As far as the password is concerned, as long as you are just storing the hash of what the user enters, and then comparing the stored hash to the hash of what the user enters, you can do pretty much anything you want to the user's actual password entry, as long as you also did it to what they originally entered. So clean the password entry also.
More information about the FX.php_List
mailing list