Jump to content

Vicne

Members
  • Content Count

    1
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Vicne

  • Rank
    Newbie
  1. Hi, I think the page about PHP form validation should make clear that validation issues depend on the context and that the proposed validation (the "test_input" function at the end) only protects against rogue URLs. Indeed, I just found a rather popular page in IoT community that uses that exact function for values to be inserted in a database. Unfortunately, if I'm not mistaken, the test_input function does nothing to prevent SQL injection (a value like "1';drop table SensorData;" would happily pass through test_input) and, to the contrary, would modify perfectly valid SQL string values (e.g. with slashes) before insertion. Currently, as your page starts with "Think SECURITY when processing PHP forms!" and ends with a section named with the generic "Validate Form Data With PHP" title, one expects that this code is the universal way of validating data. I think it would be good to make clear that most of this page is about a particular case of validation and that the proposed function is a method to "Validate URL parameters With PHP", and that other methods are to be applied depending on the context... Keep on the good work, Vicne
×
×
  • Create New...