WikiJuanan : AtaqueInyecciónSQL

Background
Email Alex
Repair mode
Send to http://www.rediris.es/cert/index.es.html

However, I find that writing preg_match calls can sometimes be tiring, and that's why I use the OWASP PHP Filters to simplify the work for me. It consists of one function, sanitize(), that takes the variable you want to filter and an option.

The option may be any of the values PARANOID, HTML, INT, FLOAT, LDAP, SQL, SYSTEM and UTF-8, and the data is filtered according to the type chosen. For example, if you want your variable to contain only a floating-point number, you can code it like this:

<?php
// OWASP PHP Filters: defines sanitize() and the option constants
require('sanitize.inc.php');

$var = 100.50;

// keep only what parses as a floating-point number
$float = sanitize($var, FLOAT);
?>

It isn't much, but it will simplify your PHP coding a bit. The other options are self-explanatory except PARANOID, which means that the variable will contain only alphanumeric characters after sanitize().

SQL is meant for a value that you want to include inside an SQL statement: it is intended for a value that will be embedded in a quoted string literal, and used that way it blocks the classic SQL injection that would otherwise put your data at risk. Two caveats apply. The filtered value must actually sit inside quotes; an unquoted numeric field, or a table or column name, is not protected by it (use INT for numeric positions). And the filter is a second line of defence: building the query with bound parameters (prepared statements) is the primary one, because then the value never becomes part of the query text at all.
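The following is an added example, not code from the original page or from the OWASP PHP Filters project. It shows the difference between concatenating a value into the query text (the pattern sanitize($var, SQL) is meant to patch up) and passing it as a bound parameter. The sample table, the users in it and the injection payload are constructed for the example; it assumes PHP with the pdo_sqlite extension so that it runs offline against an in-memory database.

```php
<?php
// Added example, not part of the original page or of OWASP PHP Filters.
// Requires the pdo_sqlite extension; all data below is constructed.

function buildDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)');
    $db->exec("INSERT INTO users (username, role) VALUES ('alice', 'admin'), ('bob', 'user')");
    return $db;
}

// Vulnerable: the attacker-controlled value becomes part of the query text.
// Only an escaping step between the two pieces (what the SQL filter does)
// keeps a quote in the value from ending the string literal early.
function findUserVulnerable(PDO $db, string $username): array {
    $sql = "SELECT username, role FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the value travels as a bound parameter, never as query text,
// so quoting characters in it cannot change the statement's structure.
function findUserSafe(PDO $db, string $username): array {
    $stmt = $db->prepare('SELECT username, role FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Numeric position: there are no quotes to escape for, so escaping cannot
// help. Validate that the input really is an integer, then bind it.
function findUserById(PDO $db, string $rawId): array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $db->prepare('SELECT username, role FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = buildDb();
$payload = "' OR '1'='1";   // classic tautology injection (constructed input)

// The concatenated query becomes  ... WHERE username = '' OR '1'='1'
// and returns every row in the table.
print_r(findUserVulnerable($db, $payload));

// The bound query looks for a user literally named  ' OR '1'='1  and returns nothing.
print_r(findUserSafe($db, $payload));

// "1 OR 1=1" in an unquoted numeric position is rejected before it reaches SQL.
try {
    findUserById($db, '1 OR 1=1');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

The first call prints both alice and bob, the second prints an empty array, and the third prints the validation error. Running the same payload through sanitize($var, SQL) before concatenation in findUserVulnerable() would keep the quote from breaking out of the string literal, but it only works because the quotes are there; findUserById() shows the case where no amount of escaping helps and validation or binding is the only option.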