
Thread: looking for straight answer - what's the safest or joint-safest way to validate data?

  1. #1
     Join Date: Jun 2006 | Location: Birmingham | Posts: 39 | Thanks: 2 | Thanked 0 Times in 0 Posts

    some people say some functions, others then say don't use them....etc

    i just want a straight answer - what's the best way to validate form data with php to prevent malicious injections?

    before you say "it depends what kind of data ur expecting" - i'll suggest that i'm expecting anything and everything and want to accept as much as possible whilst being secure as possible.

    please, may there be someone here who knows php properly enough to help

  2. #2
     Join Date: Jun 2005 | Location: UK | Posts: 11,876 | Thanks: 1 | Thanked 180 Times in 172 Posts | Blog Entries: 2

    Quote Originally Posted by Birmingham
    before you say "it depends what kind of data ur expecting" - i'll suggest that i'm expecting anything and everything and want to accept as much as possible whilst being secure as possible.
    So, text, binary data, MySQL queries, shell commands, HTTP requests, emails...? There are just too many types of data out there (all of which need to be handled differently) to give a straightforward cure-for-everything.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  3. #3
     Join Date: Jun 2006 | Location: Birmingham | Posts: 39 | Thanks: 2 | Thanked 0 Times in 0 Posts

    text, which could include all of the rest. for example, so clients could put code for any of the rest on a web page without unwanted processing.

    any offers for a simple answer?

  4. #4
     Join Date: Jun 2005 | Location: UK | Posts: 11,876 | Thanks: 1 | Thanked 180 Times in 172 Posts | Blog Entries: 2

    Quote Originally Posted by Birmingham
    text, which could include all of the rest.
    No, it couldn't.

    Quote Originally Posted by Birmingham
    for example, so clients could put code for any of the rest on a web page without unwanted processing.
    To convert text so it is safe for embedding in HTML, you should use the htmlentities() function.

    Quote Originally Posted by Birmingham
    any offers for a simple answer?
    There is no simple answer, as I stated above.

  5. #5
     Join Date: Jun 2006 | Location: Birmingham | Posts: 39 | Thanks: 2 | Thanked 0 Times in 0 Posts

    well thanks for the htmlentities part of the response at least. it confirms what i've heard elsewhere.

    as for the "there's no simple answer" ... that's what everyone says until they master their stuff.

  6. #6
     Join Date: Jun 2005 | Location: UK | Posts: 11,876 | Thanks: 1 | Thanked 180 Times in 172 Posts | Blog Entries: 2

    How does one make an object safe for children? I want a simple answer that works for every possible object.

    Quote Originally Posted by Birmingham
    as for the "there's no simple answer" ... that's what everyone says until they master their stuff.
    I really can't be bothered to answer this. I should note for your reference, however, that if you succeed in turning the thread into an argument as you appear to be attempting to do, the chance of your receiving an answer of any kind will decrease drastically.

  7. #7
     Join Date: Dec 2004 | Location: UK | Posts: 2,358 | Thanks: 0 | Thanked 0 Times in 0 Posts

    Quote Originally Posted by Birmingham
    ... what's the best way to validate form data with php to prevent malicious injections?

    Quote Originally Posted by Birmingham
    before you say "it depends what kind of data ur expecting"
    I wouldn't, because it doesn't. However, it does depend on what you are going to do with the data. Input from the client is nothing more than a stream of bytes (in an abstract sense); you can't be vulnerable to it until you start treating that data in a certain way.

    Quote Originally Posted by Birmingham
    i'll suggest that i'm expecting anything and everything and want to accept as much as possible whilst being secure as possible.
    Do you really expect anyone to list every possible thing you could do with user input on the server, and vulnerabilities that might arise in each case?

    Mike
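An added example, not code posted in the thread, illustrating the point made in #4 (htmlentities() for HTML) and #7 (safety depends on what you do with the bytes): one constructed input string is handled per destination rather than by a single "make it safe" function. It assumes PHP 7.4+ with the pdo_sqlite extension; the table name and function names are the example's own.

```php
<?php
// Added example, not code from the thread: the same raw bytes are handled
// differently per sink, because what is "safe" depends on where the data ends
// up (HTML, SQL, a shell argument, a typed field), not on the bytes themselves.
// Assumes PHP 7.4+ with the pdo_sqlite extension for the in-memory database.
declare(strict_types=1);

// Constructed sample input, as a form field might deliver it.
$raw = "O'Brien <script>alert(1)</script>; rm -rf /";

// HTML context: encode the characters HTML treats as markup so the browser
// renders them as text; ENT_QUOTES also covers attribute values.
function forHtml(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// SQL context: bind the value instead of concatenating it, so it can only be
// data. Nothing is escaped or stripped; the stored text is unchanged.
function storeAndReload(PDO $db, string $name): string
{
    $db->exec('CREATE TABLE IF NOT EXISTS people (id INTEGER PRIMARY KEY, name TEXT)');
    $ins = $db->prepare('INSERT INTO people (name) VALUES (:name)');
    $ins->execute([':name' => $name]);
    $sel = $db->prepare('SELECT name FROM people WHERE id = :id');
    $sel->execute([':id' => (int) $db->lastInsertId()]);
    return (string) $sel->fetchColumn();
}

// Shell context: quote the whole value as a single argument.
function forShell(string $s): string
{
    return 'echo ' . escapeshellarg($s);
}

// Typed field: validate against the expected shape and reject anything else.
function asEmail(string $s): ?string
{
    $v = filter_var($s, FILTER_VALIDATE_EMAIL);
    return $v === false ? null : $v;
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
echo forHtml($raw), PHP_EOL;
echo (storeAndReload($db, $raw) === $raw ? 'stored verbatim' : 'mangled'), PHP_EOL;
echo forShell($raw), PHP_EOL;
var_dump(asEmail('user@example.com'), asEmail($raw));
```

The database round trip shows that binding keeps the text intact, whereas the HTML and shell functions transform it only at the point it enters that context.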

  8. #8
     Join Date: Jun 2006 | Location: Birmingham | Posts: 39 | Thanks: 2 | Thanked 0 Times in 0 Posts

    no, i don't expect that at all, but i do expect that there is one or a few php functions which are the safest and most recommended for data validation irrespective of what type of data is being validated. otherwise, php developers haven't been doing much useful development

  9. #9
     Join Date: Sep 2005 | Posts: 882 | Thanks: 0 | Thanked 3 Times in 3 Posts

    Quote Originally Posted by Birmingham
    no, i don't expect that at all, but i do expect that there is one or a few php functions which are the safest and most recommended for data validation irrespective of what type of data is being validated. otherwise, php developers haven't been doing much useful development
    That is not the language's job. That is YOUR job as the developer.

  10. #10
     Join Date: Jun 2005 | Location: UK | Posts: 11,876 | Thanks: 1 | Thanked 180 Times in 172 Posts | Blog Entries: 2

    As far as I know, there's no readMyMindAndMakeTheDataSafe() function in any current language.