• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
I want to allow all URI chars... am I really insane?

#11
[eluser]TheFuzzy0ne[/eluser]
[quote author="dtrenz" date="1236046131"]If you are escaping all queries and writing smart code, can you probably get away with turning this off? Yes.[/quote]

Uhm, actually, no. For the many reasons mentioned above. The problem isn't just with SQL injection attacks, it's also to do with how servers handle URI characters.

#12
[eluser]jdfwarrior[/eluser]
[quote author="dtrenz" date="1236046906"][quote author="jdfwarrior" date="1236046325"]
Quote:Because if I see, "The URI you submitted has disallowed characters" one more time, I swear I will throw my keyboard through my monitor.

Any advice or insight is welcome. Thanks -d

code better? Smile[/quote]

ha.

The issue I'm having is that the former version of a site (not written by me) that I am rebuilding, was done using horribly cryptic URLs containing lots of bad URI chars... but I can't just blackhole any legacy links out there, so I have to let them in so I can redirect them to the nice new pretty CI URLs.

I would never code anything that would put disallowed chars in the URI (except maybe a "+").[/quote]

Was just messin with ya Smile Wasn't implying that your coding sucked and you just decided to buck the system and say "NO! IM NOT DOING THAT!"


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.