- Phil Barnes
January 30, 2006, 4:56 pm
I have found the PHP Sanitize functions provided by OWASP to be a
If I use sanitize_paranoid_string or sanitize_system_string, the output
is enclosed within double quotes.
$string = '"'.preg_replace('/\$/', '\\\$', $string).'"';
//make sure this is only interpreted as ONE argument
Is there a security reason why this is done? Also, could
someone elaborate on the comment that follows the command? I'm
embarrassed to admit that I'm not sure what it means.
Once I "sanitize" the data, I don't want it to be enclosed within the
double quotes, so if I do this instead...
$string = preg_replace('/\$/', '\\\$', $string);
...is this just as secure? Or should I strip the quotes off afterwards?
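An added example to illustrate what the quoting and the "$" escaping in the snippet above actually do; it is not part of the original post or of the OWASP sanitizer, assumes a POSIX /bin/sh, and uses a constructed sample input.

```php
<?php
// Added example, not the OWASP sanitizer or the poster's code.
// It shows what the double quotes and the "$" escaping do when the
// value reaches /bin/sh, using a constructed sample input.

// Same escaping step as the OWASP snippet (character stripping omitted).
function quoteAndEscape(string $s): string
{
    return '"' . preg_replace('/\$/', '\\\$', $s) . '"';
}

// Hand a fragment to /bin/sh and count the arguments it turns into.
// printf "%s\n" prints exactly one line per argument; X is set in the
// same shell so that an unescaped $X expands to something visible.
function shellArgCount(string $fragment): int
{
    $out = (string) shell_exec('X=expanded; printf "%s\n" ' . $fragment);
    return count(explode("\n", rtrim($out, "\n")));
}

// Constructed input with a space and a "$": both matter to the shell.
$input = 'two words $X';

// Unquoted: whitespace splits the value and $X is expanded, so one
// "sanitized" value becomes several arguments and picks up shell state.
echo 'raw:            ', shellArgCount($input), " argument(s)\n";

// Quoted with "$" escaped: one argument. The shell removes the quotes
// itself before the program sees the value, so the caller must not
// strip them; they are shell syntax, not part of the data.
echo 'quoted:         ', shellArgCount(quoteAndEscape($input)), " argument(s)\n";

// Inside double quotes the shell still treats `, \ and $ specially, so
// the regex above only covers $. escapeshellarg() uses single quotes,
// inside which nothing is expanded, and is the standard PHP way to
// pass one value as exactly one argument.
echo 'escapeshellarg: ', shellArgCount(escapeshellarg($input)), " argument(s)\n";
```

If the value is not destined for a shell at all, the shell-oriented sanitizer is the wrong tool; apply an escaping routine that matches the actual consumer instead of stripping the quotes afterwards.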