Hi.
I'm looking for a regex to sanitize a query string,
but I'm not able to build the regex. Can you help
me, please?

For instance:
(fake code 😉 )

function ParseQuery(){
	$result = array();
	// Split the raw query string on '&' and test each "key=value" fragment.
	// REGEX is the pattern I am asking for: it is left undefined here.
	foreach(explode('&', (string)$_SERVER['QUERY_STRING']) as $arg){
		if(preg_match(REGEX, $arg, $matches)){
			// group 1 = parameter name, group 2 = parameter value
			$result[$matches[1]] = (string)$matches[2];
		}
	}
	return $result;
}

Bye.
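As an added example (not code from the original post), the function below does the job ParseQuery() sketches above, but with one rule per parameter instead of a single regex for the whole query string. The schema, the parameter names and the limits are hypothetical. It percent-decodes each pair before validating it, because a pattern run on the raw `key=value` fragment never sees what `%27` or `%3E` decode to:

```python
import re
from typing import Any, Callable, Dict
from urllib.parse import unquote_plus

# A validator takes the decoded text of one parameter and returns the typed
# value, or raises ValueError.  One rule per field, chosen by what the field
# is for, is the alternative to one regex for the whole query string.
Validator = Callable[[str], Any]


def int_field(max_digits: int = 10) -> Validator:
    """Decimal integer only; anything else (spaces, operators, words) fails."""
    pattern = re.compile(r"[0-9]{1,%d}" % max_digits)

    def check(value: str) -> int:
        if not pattern.fullmatch(value):
            raise ValueError("not an integer: %r" % value)
        return int(value, 10)
    return check


def enum_field(*allowed: str) -> Validator:
    """Exact match against a fixed list of permitted values."""
    def check(value: str) -> str:
        if value not in allowed:
            raise ValueError("not one of %r: %r" % (allowed, value))
        return value
    return check


def text_field(max_len: int) -> Validator:
    """Free text: bound the length and reject control characters, nothing
    more.  Characters such as ' or > are legitimate here; protection against
    SQL injection and XSS belongs at the point of use (bound parameters,
    output encoding), not in this filter."""
    def check(value: str) -> str:
        if len(value) > max_len:
            raise ValueError("too long: %d chars" % len(value))
        if any(ord(ch) < 0x20 or ch == "\x7f" for ch in value):
            raise ValueError("control character in value")
        return value
    return check


# Hypothetical schema for a page that takes ?id=...&sort=...&q=...
SCHEMA: Dict[str, Validator] = {
    "id": int_field(),
    "sort": enum_field("name", "date"),
    "q": text_field(64),
}


def parse_query(query_string: str, schema: Dict[str, Validator]) -> Dict[str, Any]:
    """Split key=value pairs, percent-decode them, then apply the rule for
    each key.  Unknown and duplicated keys are errors, not silently kept."""
    result: Dict[str, Any] = {}
    for arg in query_string.split("&"):
        if arg == "":
            continue                        # tolerate "a=1&&b=2" and a trailing "&"
        raw_name, _, raw_value = arg.partition("=")
        name = unquote_plus(raw_name)
        value = unquote_plus(raw_value)     # decode first, then validate
        if name not in schema:
            raise ValueError("unexpected parameter %r" % name)
        if name in result:
            raise ValueError("duplicate parameter %r" % name)
        result[name] = schema[name](value)
    return result


def rejects(query_string: str, schema: Dict[str, Validator] = SCHEMA) -> bool:
    """True if parse_query refuses the query string."""
    try:
        parse_query(query_string, schema)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(parse_query("id=12345&sort=name&q=hello+world", SCHEMA))
    print(rejects("id=12345%20or%20id%20%3E%200"))
```

Note that `q=%27+or+1%3D1` is accepted by this parser: for a free-text field that is the correct decision, and the value must then be bound as a parameter in any query and encoded on output.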

    It's important to understand that not all security holes can be patched with a regular expression. Your code not only leaves the REGEXP blank, it also lacks any list of what the REGEXP might look for. The reason you're having trouble coming up with that list is that there is no REGEXP that will make you secure every time.

    Take this example: Is the following string dangerous or not?

    12345 or id > 0

    In some forms, that would be very normal, safe, expected input (maybe a web site about helping people with math homework, for example). And on another web site, that could be a critical problem. Fatal, even.

    So do you filter out ">" signs? No, because in some SQL queries, they are perfectly fine.

    So instead of a magic REGEXP, what you really need is to do a little research on how SQL injection works... and then you'll be able to prevent security problems with good programming.
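To make the point above concrete, here is an added example that is not code from the thread. It uses Python and SQLite as a stand-in for the PHP/MySQL pipeline: `escape_string` approximates what `mysqli_real_escape_string` does to a quote character, and the `users` rows are constructed for the demo. It runs etully's string `12345 or id > 0` through three ways of building the same lookup:

```python
import sqlite3
from typing import List

# Constructed sample rows standing in for the site's real users table.
SAMPLE_USERS = [(12345, "alice"), (12346, "bob"), (12347, "carol")]


def make_db() -> sqlite3.Connection:
    """In-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def escape_string(value: str) -> str:
    """Stand-in for mysqli_real_escape_string().  SQLite doubles a quote
    where MySQL backslash-escapes it, but the property that matters is the
    same: the value can no longer end a quoted literal, while spaces,
    keywords and operators are left exactly as typed."""
    return value.replace("'", "''")


def names_escaped_unquoted(conn: sqlite3.Connection, raw: str) -> List[str]:
    """The escape-then-sprintf pattern with the value spliced into an
    unquoted numeric position.  There is no quote to break out of, so the
    escape function has nothing to do and the input is read as SQL."""
    sql = "SELECT name FROM users WHERE id = %s ORDER BY id" % escape_string(raw)
    return [row[0] for row in conn.execute(sql)]


def names_escaped_quoted(conn: sqlite3.Connection, raw: str) -> List[str]:
    """Same pattern, value inside a quoted literal: the one context an
    escape function is built for.  The whole text is compared as a string."""
    sql = "SELECT name FROM users WHERE id = '%s' ORDER BY id" % escape_string(raw)
    return [row[0] for row in conn.execute(sql)]


def names_parameterized(conn: sqlite3.Connection, raw: str) -> List[str]:
    """Check the value is the type the column expects, then let the driver
    bind it.  The user's text never becomes part of the SQL statement."""
    try:
        wanted = int(raw, 10)
    except ValueError:
        return []                      # not an id at all: refuse, do not guess
    rows = conn.execute("SELECT name FROM users WHERE id = ? ORDER BY id", (wanted,))
    return [row[0] for row in rows]


def demo() -> dict:
    """Run etully's string through all three query builders."""
    conn = make_db()
    attack = "12345 or id > 0"
    return {
        "escaped_unquoted": names_escaped_unquoted(conn, attack),
        "escaped_quoted": names_escaped_quoted(conn, attack),
        "parameterized": names_parameterized(conn, attack),
    }


if __name__ == "__main__":
    for label, names in demo().items():
        print("%-17s -> %r" % (label, names))
```

The first builder returns every user, because `12345 or id > 0` contains nothing an escape function is designed to touch; the same string is harmless on a maths site and leaks the whole table here. The second builder happens to be safe only because the value lands inside quotes. The third is safe in every context, which is why "good programming" here means parameters and per-field type checks rather than a pattern applied to the raw input.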

      etully wrote:

      It's important to understand that not all security holes can be patched with a regular expression. Your code not only leaves the REGEXP blank, it also lacks any list of what the REGEXP might look for. The reason you're having trouble coming up with that list is that there is no REGEXP that will make you secure every time.

      Take this example: Is the following string dangerous or not?

      12345 or id > 0

      In some forms, that would be very normal, safe, expected input (maybe a web site about helping people with math homework, for example). And on another web site, that could be a critical problem. Fatal, even.

      So do you filter out ">" signs? No, because in some SQL queries, they are perfectly fine.

      So instead of a magic REGEXP, what you really need is to do a little research on how SQL injection works... and then you'll be able to prevent security problems with good programming.

      Thanks a lot for the ready reply.

      I think that for the same job I use
      http://it2.php.net/manual/en/function.parse-str.php

      For the SQL injection I'm using
      http://it2.php.net/manual/en/function.mysqli-real-escape-string.php

      I check all the values from user input with regex,
      and finally I use http://it2.php.net/manual/en/function.sprintf.php
      for the query.

      If the input is a string, I use this class
      http://phpclasses.phpsoft.it/browse/package/2189.html
      against XSS attacks.

      Do you have any other tip?
