DevShed:
Sanitizing Input with PHP
December 13, 2011 @ 11:49:31

DevShed.com has a new tutorial posted today looking at how to sanitize data in your application, specifically data coming from the user, when calling shell commands.

Neglecting to sanitize user input that may subsequently be passed to system-level functions could allow attackers to do massive internal damage to your information store and operating system, deface or delete Web files, and otherwise gain unrestricted access to your server. And that's only the beginning.

The tutorial starts with a "real world" example of unfiltered data that could be passed through to an "rm" command and erase your entire drive. It then offers two solutions for preventing this sort of attack, using the escapeshellcmd and escapeshellarg functions.
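The contrast between the two functions, as an added example that is not code from the DevShed tutorial or from this site. The helper names, the `ls` command, the allow-list pattern and the sample inputs are assumptions, and the commands are only built and printed, never executed.

```php
<?php
// Added illustration; helper names and the sample inputs are constructed.
// The command strings are only built and printed, never executed.

// Unsafe: user input is concatenated straight into the command line,
// so shell metacharacters in $name are interpreted by the shell.
function buildListingUnsafe(string $name): string
{
    return 'ls -l ' . $name;
}

// escapeshellcmd() escapes metacharacters across the whole string.
// It does not quote arguments, so spaces still split the input into
// several arguments and a leading "-" is still read as an option.
function buildListingEscapedCmd(string $name): string
{
    return escapeshellcmd('ls -l ' . $name);
}

// Safer: validate first, then pass the value as exactly one quoted argument.
function buildListingSafe(string $name): string
{
    // Allow-list check (an assumption about what a valid name looks like).
    if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('Rejected file name');
    }
    // "--" ends option parsing; escapeshellarg() quotes the value.
    return 'ls -l -- ' . escapeshellarg($name);
}

// Constructed inputs: one benign, two of the kind the tutorial warns about.
$samples = ['report.txt', 'report.txt; echo INJECTED', '-R /'];

foreach ($samples as $input) {
    echo "input:          {$input}\n";
    echo "unsafe:         " . buildListingUnsafe($input) . "\n";
    echo "escapeshellcmd: " . buildListingEscapedCmd($input) . "\n";
    echo "escapeshellarg: ls -l -- " . escapeshellarg($input) . "\n";
    try {
        echo "validated:      " . buildListingSafe($input) . "\n\n";
    } catch (InvalidArgumentException $e) {
        echo "validated:      " . $e->getMessage() . "\n\n";
    }
}
```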



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework