[nycphp-talk] preg_match and pattern matching

Brian Dailey brian at
Fri Dec 12 09:39:55 EST 2008

Instead of re-inventing the wheel, I suggest taking a look at some of 
the code written by others. This is a common problem to any web developer.

One example would be CakePHP's Sanitize class:

Chris Shiflett's blog has a lot of resources on PHP security:

- Brian

mikesz at wrote:
> Hello and Greetings,
> I have just been reviewing a script that says it's a PHP firewall. It
> is using an array with 250 elements that are all basically subsets of
> code and injections that hackers use to break into sites. I could
> easily take this array and create a preg_match test but was wondering
> at what point pattern matching gets unmanageable or impractical. This
> script looks a lot like .htaccess using mod rewrite to block bad guys.
> I would appreciate some feedback on this, what is the rest of the
> world using to block or intercept bad guy injection attacks?

realm3 web applications
Information architecture, application development.
phone: (917) 512-3594
fax: (440) 744-3559
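
The test the question describes, as an added example that is not part of the original thread or of the script under review: it folds an array of literal signatures into a single preg_match call and treats a PCRE failure as an error rather than as "no match". The signature list, function names and request values are constructed for illustration; the script's real 250-element array is not on the page.

```php
<?php
// Constructed sample signatures standing in for the script's array.
$signatures = ['union select', '<script', '../', 'base64_decode('];

/**
 * Build one case-insensitive alternation from literal signatures.
 * preg_quote() escapes regex metacharacters so every entry is matched
 * as plain text and a stray "(" or "." cannot change the pattern.
 */
function build_signature_regex(array $signatures): string
{
    $quoted = array_map(function ($s) {
        return preg_quote($s, '~');
    }, $signatures);
    return '~(?:' . implode('|', $quoted) . ')~i';
}

/**
 * Return the signature text that matched, or null when nothing matched.
 * preg_match() returns false when PCRE itself fails (for example on a
 * backtrack limit or invalid UTF-8); that must not be read as "clean".
 */
function match_signature(string $regex, string $input): ?string
{
    $result = preg_match($regex, $input, $m);
    if ($result === false) {
        throw new RuntimeException('PCRE error code ' . preg_last_error());
    }
    return $result === 1 ? $m[0] : null;
}

$regex = build_signature_regex($signatures);

// Constructed request values.
$samples = [
    'id=5 UNION SELECT name FROM users',     // query fragment in a parameter
    'comment=The union selected a new rep',  // ordinary sentence containing a signature
    'q=php mailing list',                    // ordinary search term
];

foreach ($samples as $value) {
    $hit = match_signature($regex, $value);
    printf("%-40s => %s\n", $value, $hit === null ? 'no match' : "matched '$hit'");
}
```

The second sample is ordinary prose that still contains a listed signature, which is the kind of entry-by-entry tuning that grows with the size of the array.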
