Validating input

Re: Validating input

J Huntley Palmer wrote:[color=blue]
> What is the most efficient way to validate an input to conform to your
> needs?
>
> I need to make sure an input is a contiguous string with only printable
> characters (english alphabet+number s only) and no whitespace or
> punctuation marks.
>
> Thanks[/color]



-david-

Re: Validating input

On 2006-06-18, J Huntley Palmer <jhp@dontspam.s pam> wrote:[color=blue]
> I need to make sure an input is a contiguous string with only printable
> characters (english alphabet+number s only) and no whitespace or
> punctuation marks.[/color]

I would use a regular expression for that. Since it's the weekend you
still have time to come up with such a RE.

Hint: lookup the meaning(s) of '^' , '\w+' and '$' in regular expressions.

--
Met vriendelijke groeten,
Tim Van Wassenhove <http://timvw.madoka.be >

Re: Validating input

In addition to the RegEx note made before, I would give you a slight
example (rather common) in case you're not already done:

check out the
preg_match(http://php.net/manual/en/function.preg-match.php) with some
RegExp like "/[a-zA-Z0-9 ]+/", which would give you true only of case
of digits and letters and blank space. The + will assure that there is
at least one letter/digit.

For more info check the user-contributed notes in the link above. It's
not a big deal...

Good day.

Re: Validating input

You might want to consider validating your inputs before submitting to
the server.


J Huntley Palmer wrote:[color=blue]
> What is the most efficient way to validate an input to conform to your
> needs?
>
> I need to make sure an input is a contiguous string with only printable
> characters (english alphabet+number s only) and no whitespace or
> punctuation marks.
>
> Thanks[/color]

Re: Validating input

>You might want to consider validating your inputs before submitting to[color=blue]
>the server.[/color]

Validating inputs ONLY before submitting to the server is
worse than no validation at all. In this case, the attacker
gets to do his own validation.

Gordon L. Burditt

Re: Validating input

Argh. The intent of my reply was lost due to lack of caffeine. Now
that I had a few cups, let me rephrase:

You might want to consider validating before you post IN ADDITION TO
validating once the request hits the server. You should always try to
pre-format requests to your server whenever possible (unless the
overhead is too expensive or you might reveal some sort of algorithm or
data format you wish to keep secret)...WHILS T KEEPING IN MIND that once
on the server, you should never trust the request until the appropriate
security measures have been taken.

Thank you for forcing me to clarify. I shall never post again until I
am certain my stimulant level is appropriate.

Cheers,

Gordon Burditt wrote:[color=blue][color=green]
> >You might want to consider validating your inputs before submitting to
> >the server.[/color]
>
> Validating inputs ONLY before submitting to the server is
> worse than no validation at all. In this case, the attacker
> gets to do his own validation.
>
> Gordon L. Burditt[/color]