[Israel.pm] RegEx in HTML Character

Georges EL OJAIMI G-OJAIMI at cyberia.net.lb
Tue Jan 29 12:24:01 PST 2008


Hello,

I got this link http://www.securityfocus.com/infocus/1768 which contains 
different kinds of SQL injection, however I still want to capture the 
following:

[b] [/b]
[i] [/i]
[u] [/u]

What is the RegEx pattern to check the characters [ ]?

Georges

ik wrote:
> Hi,
>
> On Jan 29, 2008 7:00 AM, Yona Shlomo <yona at cs.technion.ac.il> wrote:
>> On Mon, 28 Jan 2008, Georges EL OJAIMI wrote:
>>> Hello,
>>>
>>> Yona Shlomo wrote:
>>>> How does the following help prevent HTML characters and SQL
>>>> injection into the database?
>> Can you answer this question? How does this transformation
>> of yours help prevent SQL injections?
>
> Personally I'm removing chars that I do not expect to have, so if I
> expect a number value, I do something like this:
>
> s/[^0-9]//g
>
> Now chars that might affect HTML/SQL are escaped when I use them on
> HTML/SQL (not before, because it might change the content that I wish
> to check, like %20 for spaces [in URI] etc).
> On SQL, I also use binding (if possible I recommend name binding
> rather than anonymous binding).
> I usually create some sort of tools that do all of this for me, so I
> will not have to write a lot of code for each work I require, and you
> might even want to create a module such as Sanitize::HTML and
> Sanitize::SQL that will be able to work well.
> For HTML I recommend the cgi module, it has great escaping features.
>
> Ido
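A Perl sketch of what the thread describes, added here as an example and not code from either poster: a regex that answers the bracket question, Ido's allow-list filter, escaping only at HTML output time with CGI.pm, and a bound parameter for SQL. It assumes CGI.pm and DBI are installed, that `$dbh` is an already-opened DBI handle, and that the `users` table and the sample text are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI ();   # CGI.pm (from CPAN on modern perls) supplies escapeHTML

# Answer to the regex question: does the text contain a literal '[' or ']'?
sub has_brackets {
    my ($text) = @_;
    return $text =~ /[\[\]]/ ? 1 : 0;
}

# List the [b]/[i]/[u] style tags present, e.g. ("b", "b") for "[b]x[/b]".
sub find_bracket_tags {
    my ($text) = @_;
    return $text =~ m{\[/?([biu])\]}gi;
}

# Allow-list filter for a numeric field (the s/[^0-9]//g from the reply);
# returns undef when nothing numeric remains so the caller can reject it.
sub only_digits {
    my ($value) = @_;
    (my $clean = $value) =~ s/[^0-9]//g;
    return length $clean ? $clean : undef;
}

# Escape at output time only, when the value is about to be emitted as HTML.
sub to_html {
    my ($value) = @_;
    return CGI::escapeHTML($value);
}

# SQL: never interpolate the value into the statement; pass it to DBI as a
# bound parameter. $dbh is assumed to be an open DBI handle, and the users
# table is hypothetical. Named placeholders (:id) are driver-specific in
# DBI, so the portable '?' placeholder is used here.
sub fetch_user_by_id {
    my ($dbh, $id) = @_;
    my $clean_id = only_digits($id);
    return unless defined $clean_id;          # reject non-numeric ids
    my $sth = $dbh->prepare('SELECT name FROM users WHERE id = ?');
    $sth->execute($clean_id);
    return $sth->fetchrow_hashref;
}

# Constructed sample input: a BBCode tag plus a script tag.
my $post = '[b]hello[/b] <script>alert(1)</script>';
print has_brackets($post), "\n";
print join(',', find_bracket_tags($post)), "\n";
print to_html($post), "\n";
print only_digits('12abc3'), "\n";
```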
