Caution with nasty user input

I've received some input from the user's browser, checked it for unpleasant
stuff, and determined that it contains characters I'm not happy with. I'd
like to store it or email it to an administrator for inspection (so attack
types can be monitored and so on).

What steps should I take to ensure that the code that delivers the email or
writes to the log file doesn't get exploited by something which I know is
nasty? I thought of base64 encoding it, but that would render it unreadable
without a special viewer of some sort. Is there something I can do to
guarantee the string is harmless without obfuscating it too much?

The email address used to post is a spam pit. Contact me at: Derek Fountain

Re: Caution with nasty user input

htmlspecialchars() ?

<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com    Blog: /
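
Added example (not part of the original thread): one way to keep rejected input readable while making it safe to write as a single log line, put in a plain-text email body, or show in an HTML log viewer. The function names, the log file location and the sample input are assumptions made for illustration.

```php
<?php
// Added example; neutralise_for_log() and render_for_html() are hypothetical names.

/**
 * Make an untrusted string safe to write as ONE log line or to place in a
 * plain-text email body, while keeping it human-readable.
 */
function neutralise_for_log(string $raw, int $maxLen = 2048): string
{
    // Cap the size so one huge submission cannot flood the log or the mailbox.
    $truncated = strlen($raw) > $maxLen;
    $raw = substr($raw, 0, $maxLen);

    // Show every byte outside printable ASCII (CR, LF, NUL, ESC, high bytes)
    // and the backslash itself as \xNN. The result is unambiguous, cannot
    // start a new log line and cannot carry terminal escape sequences.
    $safe = preg_replace_callback(
        '/[^\x20-\x5B\x5D-\x7E]/',
        static fn(array $m): string => sprintf('\\x%02X', ord($m[0])),
        $raw
    );

    return $safe . ($truncated ? ' [truncated]' : '');
}

/** Same string, additionally escaped for display inside an HTML page. */
function render_for_html(string $raw): string
{
    return htmlspecialchars(neutralise_for_log($raw), ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: tries to forge a second log line and inject markup.
$input = "x\r\n2024-01-01 admin login OK <script>alert(1)</script>";

// Log file: the attacker-controlled part is the last field of a single line.
$line = sprintf("%s rejected input: %s\n", date('c'), neutralise_for_log($input));
file_put_contents(sys_get_temp_dir() . '/rejected_input.log', $line, FILE_APPEND | LOCK_EX);

// Email: keep recipient, subject and headers constant and put the neutralised
// string in the body only, so it never reaches a header line.
$body = "Rejected input follows:\n\n" . neutralise_for_log($input) . "\n";

echo $line;                           // one line, CR/LF shown as \x0D\x0A
echo render_for_html($input), "\n";   // markup shown as &lt;script&gt;...
```

The escaping is applied at output time, per destination; the raw bytes can still be recovered from the `\xNN` form if an administrator needs them.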