NYCPHP Meetup

[nycphp-talk] User Input Data scrubbing

Konstantin Rozinov krozinov at gmail.com
Sat Nov 29 22:26:52 EST 2008


Does anyone know where I can find a list of sample MALICIOUS data that
I can input into my forms to see how the code reacts?
I'm not looking for any automation or program, just the actual sample
data.  I'm trying to do QA on my code.

Any help would be greatly appreciated. Thanks.



On Sat, Nov 29, 2008 at 12:12 AM, Elijah Insua <tmpvar at gmail.com> wrote:
> Yeah, or these two words: "Filter Input"
>
> Whichever route you take, you also need to do SQL injection cleansing.
>
> scrub, rinse, repeat.
>
> On Fri, Nov 28, 2008 at 8:00 PM, Chris Shiflett <shiflett at php.net> wrote:
>>
>> On Nov 28, 2008, at 16:59, Michele Waldman wrote:
>>
>>> What about inserting a comment
>>>
>>> <script>alert('hi');</script>'; delete from users;
>>>
>>> Like I'm going to name my table users?
>>>
>>> With that one statement they have performed a SQL injection and
>>> HTML injection in one stroke.
>>>
>>> Bada bing bada bang bada boom
>>>
>>> Next time I display their comment out of the database they are popping up
>>> an alert to every user and my users are gone.
>>>
>>> Michele
>>
>> Two words: escape output
>>
>> --
>> Chris Shiflett
>> http://shiflett.org/
>>
>>
>>
>>
>> _______________________________________________
>> New York PHP User Group Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> http://www.nyphp.org/show_participation.php
>
>
>
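
Added example, not part of the original thread or any poster's code: a small QA check that feeds the comment string quoted above through the three steps the replies name (filter input, a bound SQL parameter, escape output) and reports whether each held. The in-memory SQLite database, the table names and the function names are assumptions made for the illustration.

```php
<?php
// Constructed QA fixture: the comment string quoted in the thread.
$payload = "<script>alert('hi');</script>'; delete from users;";

// Assumed schema, in memory (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Filter input: reject what the field can never hold (empty, oversized,
// invalid UTF-8). Free text like the payload is legitimate here and passes,
// which is why the next two steps are still required.
function filter_comment(string $raw): ?string
{
    $raw = trim($raw);
    $ok  = $raw !== '' && strlen($raw) <= 2000 && preg_match('//u', $raw) === 1;
    return $ok ? $raw : null;
}

// SQL boundary: a bound parameter keeps the quote and semicolon as data.
function store_comment(PDO $db, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
}

// Output boundary: escape for the HTML body context at display time.
function render_comment(string $body): string
{
    return '<p>' . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

$clean = filter_comment($payload);
if ($clean === null) {
    exit("comment rejected by input filter\n");
}
store_comment($db, $clean);

$stored = $db->query('SELECT body FROM comments')->fetchColumn();
$html   = render_comment($stored);
$checks = [
    'stored verbatim'    => $stored === $payload,
    'users table intact' => (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn() === 2,
    'no live script tag' => stripos($html, '<script') === false,
];
foreach ($checks as $name => $ok) {
    printf("%-20s %s\n", $name, $ok ? 'PASS' : 'FAIL');
}
```

Each check maps to one reply in the thread, so a FAIL points at the layer that needs work.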


