How do I protect my database from malicious attacks while allowing punctuation marks?
[eluser]dottedquad[/eluser]
Hello all, So far my regular expression reads: preg_match("/[\W]' '/", $str)) which allows alphanumeric characters and white spaces. However, I would like to allow other punctuation marks to allow for complete sentences without posing a threat to my database. Can someone give me a regular expression example allowing certain punctuation marks? Thank you, Rich
[eluser]WanWizard[/eluser]
If your input is cleaned properly, and if you use active record methods (or escape manually), there is no reason for extra protection. CI will take care of that for you.
[eluser]mlage[/eluser]
Check out the Queries documentation in CI: http://ellislab.com/codeigniter/user-gui...eries.html Go to the bottom of the page for binding queries. Also, if you haven't read it already, check out the documentation on general security practices for CI: http://ellislab.com/codeigniter/user-gui...urity.html Also, read the documentation about the input class (very nifty): http://ellislab.com/codeigniter/user-gui...input.html
[eluser]dottedquad[/eluser]
[quote author="mlage" date="1280802886"]Check out the Queries documentation in CI: http://ellislab.com/codeigniter/user-gui...eries.html Go to the bottom of the page for binding queries. Also, if you haven't read it already, check out the documentation on general security practices for CI: http://ellislab.com/codeigniter/user-gui...urity.html Also, read the documentation about the input class (very nifty): http://ellislab.com/codeigniter/user-gui...input.html[/quote] I already read about input class and the xss protection. I had no idea about binding queries. This will definitely help me. -Thanks, Rich
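The binding approach recommended in the replies above, shown as an added example that is not part of the original thread. It uses PDO with an in-memory SQLite database as a stand-in for CodeIgniter's database layer; the table, the function names and the sample sentences are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for the CodeIgniter database layer.
// In CodeIgniter the same binding is written: $this->db->query($sql, array($author, $body));

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Hypothetical helper: store one comment using bound parameters.
function add_comment(PDO $pdo, string $author, string $body): int
{
    // Placeholders keep the SQL text fixed; the values travel separately as data.
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
    $stmt->execute([$author, $body]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: fetch all comment bodies for one author, in insert order.
function comments_by(PDO $pdo, string $author): array
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE author = ? ORDER BY id');
    $stmt->execute([$author]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample input: full sentences with quotes, semicolons, dashes and markup.
$samples = [
    "It's Rich's farm; we don't sell \"organic\" feed -- yet!",
    "Robert'); DROP TABLE comments;--",
    "<b>Is 5 > 3 & 2 < 4?</b>",
];
foreach ($samples as $body) {
    add_comment($pdo, 'rich', $body);
}

// Each sentence is stored verbatim, punctuation included, and the table is intact.
$stored = comments_by($pdo, 'rich');
var_dump($stored === $samples);

// A value shaped like SQL is compared only as a string; the row count shows no match.
var_dump(count(comments_by($pdo, "rich' OR '1'='1")));

// Escape for HTML at display time, not at storage time.
foreach ($stored as $body) {
    echo htmlspecialchars($body, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

With bound parameters no punctuation whitelist is needed for database safety; a regular expression is then only a matter of what the application wants to accept as content.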