[FX.php List] [ OFF ] Getting to PCI compliance

Bob Patin bob at patin.com
Sat May 21 22:59:43 MDT 2011


David,

Thanks for the info; I've spoken with someone who's gone through PCI compliance, and the issues can go far beyond just filtering form input. I've got a consultant working with me and will share whatever I learn in the next week, so that others might benefit.

Best,

Bob Patin
Longterm Solutions
bob at longtermsolutions.com
615-333-6858
http://www.longtermsolutions.com
iChat: bobpatin
FileMaker 9, 10 & 11 Certified Developer
Member of FileMaker Business Alliance and FileMaker TechNet
--
Expert FileMaker Consulting 
FileMaker Hosting for all versions of FileMaker
PHP • Full email services • Free DNS hosting • Colocation • Consulting:

On May 21, 2011, at 8:26 AM, David W. Vaklyes wrote:

> I use this function:
> 
> function confHtmlEnt($data)
> {
> 	$text = strip_tags ($data);
>    return htmlentities($text, ENT_QUOTES, 'UTF-8');
> }
> 
> to remove all tags and replace any remaining codes with HTML entities
> 
> Then I use:
> 
> if (isset($_POST)) { 
> $cleanPost = array_map('confHtmlEnt', $_POST); 
> } 
> 
> to clean all the $_POST variables, an a similar one to clean the $_GET variables.
> 
> As far as the password is concerned, as long as you are just storing the hash of what the user enters, and then comparing the stored hash to the hash of what the user enters, you can do pretty much anything you want to the user's actual password entry, as long as you also did it to what they originally entered. So clean the password entry also.
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.iviking.org/pipermail/fx.php_list/attachments/20110521/0e4a4f9a/attachment.html


More information about the FX.php_List mailing list