PHP Sanitization

Thread replies: 9
Thread images: 1

<?php
$host = $_SERVER['HTTP_HOST'] ?? '';   // Host header as sent by the client
$ip = $_SERVER['REMOTE_ADDR'] ?? '';
// grab the last two dot-separated labels, e.g. "example.com"
if (preg_match("/[^\.\/]+\.[^\.\/]+$/", $host, $matches)) {
    $domain = $matches[0];
    $url = explode($domain, $host);    // $url[0] is everything before the domain
    $subdomain = str_replace('.', ' ', $url[0]);
} else {
    $domain = $subdomain = '';         // no match: $matches[0] would be undefined
}


I'm using this to grab the current subdomains as a formatted string.
Do I need to sanitize it much more than this if I want to insert
$subdomain
into a mysql table for analytics?

I would assume there is really no way to perform an SQL injection inside the host section of a URL because any special characters will just break the initial DNS query/browser request, right? In Chrome, this would just perform a Google search for the URL instead of loading it, and other browsers would just say it's an invalid URL.
>>
>>58055626
Also, I guess, same thing with
$_SERVER['REMOTE_ADDR']
?

I know things like the user agent are easily exploitable but I never sanitize this because I just assume it's not possible to exploit.
>>
>>58055626
>>58055640
There's a built in function for this you retard: mysqli_escape_string($db, $string).
Why are you even using php for this in the first place when you can just view the webserver logs?
>>
>>58055905
Yes, I am very aware of that, thanks.

The procedure in OP isn't for sanitization - it's because I need it as an array for later on. Re-read the question.

I'm using PHP because it can provide me more information than Apache logs do.
>>
>>58055918
Everything you've shown so far can be logged with nginx, and I'm sure apache can do the same.
>>
>>58055969
I chose database storage because it's not just for logging purposes. Other parts of my site will take this information via SELECT and perform some interesting analytics and access control operations on it automatically.
>>
>>58055640
>I never sanitize this
fuck me

You should be sanitizing everything you put into a database. If you're building queries manually by concatenating strings you are doing it wrong.
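The point raised here, and the OP's question above about whether $subdomain needs more sanitizing, come down to two things: the Host header is bytes the client sends directly in the HTTP request (a hand-written request never touches DNS or a browser's URL bar, so nothing filters it for you), and the safe way to get any such value into MySQL is a prepared statement rather than string concatenation or escaping by hand. The following is an added example, not code from the thread: it validates HTTP_HOST against the hostname grammar, splits it the way the OP wanted, and inserts through mysqli with bound parameters. The table name "visits" and the mysqli connection are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: treat HTTP_HOST and REMOTE_ADDR as untrusted input.
// 1. validate the host against a strict allow-pattern,
// 2. split it into "subdomain labels" and "last two labels",
// 3. insert with a prepared statement so the value never becomes SQL text.

/** Return [subdomain, domain] for a well-formed host, or null to reject it. */
function splitHost(string $rawHost): ?array
{
    // Drop an optional ":port"; hostname labels are letters, digits and hyphens.
    $host = strtolower((string) preg_replace('/:\d+$/', '', $rawHost));
    if ($host === '' || strlen($host) > 253
        || !preg_match('/^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*$/', $host)) {
        return null; // anything else (quotes, spaces, slashes, ...) is rejected outright
    }
    $labels = explode('.', $host);
    if (count($labels) < 2) {
        return null; // e.g. "localhost": no registrable domain to split off
    }
    $domain = implode('.', array_slice($labels, -2));        // last two labels
    $subdomain = implode(' ', array_slice($labels, 0, -2));  // remaining labels, space-joined
    return [$subdomain, $domain];
}

/** Store one visit; returns false when the input fails validation or the insert fails. */
function recordVisit(mysqli $db, string $rawHost, string $ip): bool
{
    $parts = splitHost($rawHost);
    if ($parts === null || filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false; // drop (and ideally log) rather than store unvalidated data
    }
    [$subdomain, $domain] = $parts;
    // Placeholders are bound as data, so the values are never interpolated into SQL.
    $stmt = $db->prepare('INSERT INTO visits (subdomain, domain, ip) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $subdomain, $domain, $ip);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample inputs showing what the validator accepts and rejects.
var_dump(splitHost('a.b.example.com:8080'));          // ["a b", "example.com"]
var_dump(splitHost("bad host'; -- .example.com"));    // NULL: quotes/spaces rejected
var_dump(splitHost('localhost'));                     // NULL: only one label

// In the request handler (hypothetical connection and table):
// $db = new mysqli('localhost', 'user', 'pass', 'analytics');
// recordVisit($db, $_SERVER['HTTP_HOST'] ?? '', $_SERVER['REMOTE_ADDR'] ?? '');
```

Validation and parameter binding do different jobs: the regex keeps junk out of the analytics table (and rejects any host the server should never have been asked for), while the prepared statement is what actually prevents injection, so the same pattern applies unchanged to User-Agent or any other header the OP decides to store.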
>>
here's a good php sanitation command
find . -iname '*.php' -delete
>>
>>58056249
Ayy lmoa