Validation of user input or ?????????
Posted
by zaf
on Stack Overflow
See other posts from Stack Overflow
or by zaf
Published on 2010-04-12T15:46:30Z
Indexed on
2010/04/12
16:52 UTC
Read the original article
Hit count: 397
We're letting users search a database from a single text input and I'm having difficulties in filtering some user supplied strings.
For example, if the user submits:
????????? lcd SONY
(Note the ?'s) I need to cancel the search.
I include the base64 encoded version of the above string wrapped up so that its easy run:
print(base64_decode("1MfLxc/RwdPHIGxjZCBTT05Z"));
I've ignored such inputs before but now (am not sure why) just realised the mysql database query is taking nearly forever to execute so this is now on high priority.
Another example to highlight that we are using utf-8 and mb_detect_encoding is not helping much:
print(base64_decode("zqDOm8+Fzr3PhM63z4HOuc6/IM+Bzr/Phc+HzyU="));
????t???? ?????%
So:
- how can I detect/filter these inputs?
- how is this input being generated?
© Stack Overflow or respective owner