Saturday, March 2, 2019

Remove and Replace non-alphanumeric Characters from Form Inputs with regex

Remove and Clean up Form inputs on POST and GET

For contact-us forms, you do not want attackers injecting malicious content into the email the form generates, so scrub and slug the posted values with regex to remove any HTML code and non-alphanumeric characters that can be used to do nasty things to end users.

Shared on GIST


Example: (on ssh console)
$ php slug.php
<HELLO@HELLO.COM>
DIRTY:<Joe_Johnson_1234@gmail.com><?>
CLEAN:joe_johnson_1234@gmail.com
DIRTY:Hello Mr. O'Leary, I am calling to ask your help with releasing $10000<br/> in lost cash from nigeria. Click Here: <a href="http://www.getavirus.com">Free Virus</a> You gotta "trust" \'me\'
CLEAN:hello mr. o-leary, i am calling to ask your help with releasing $10000br in lost cash from nigeria. click here a href-httpwww.getavirus.com-free virusa you gotta -trust- -me
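
The scrub shown in the sample run, as an added example (not the code from the gist): an allow-list written to follow the transformation visible in the output above, plus an address check so a scrubbed value that is still not a valid email is rejected. The function names `scrub` and `clean_email` and the exact allowed character set are assumptions.

```php
<?php
// Added example: hypothetical helpers, not the code from the gist.

// Allow-list scrub: lowercase, quotes become dashes, and every character
// outside [a-z0-9 ._@$,-] is dropped. That removes <, >, /, =, :, the
// backslash, and CR/LF, so markup and extra mail header lines cannot survive.
function scrub(string $input): string
{
    $s = strtolower($input);
    $s = preg_replace("/['\"]+/", '-', $s);            // quotes -> dash
    $s = preg_replace('/[^a-z0-9 ._@$,\-]/', '', $s);  // drop everything else
    $s = preg_replace('/-{2,}/', '-', $s);             // collapse dash runs
    return trim($s, ' -');
}

// Scrub first, then require a syntactically valid address.
// Returns null when the post should be rejected.
function clean_email(string $input): ?string
{
    $s = str_replace(' ', '', scrub($input));
    $valid = filter_var($s, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Inputs copied from the sample run above (nowdoc keeps the backslashes).
$email = '<Joe_Johnson_1234@gmail.com><?>';
$msg = <<<'TXT'
Hello Mr. O'Leary, I am calling to ask your help with releasing $10000<br/> in lost cash from nigeria. Click Here: <a href="http://www.getavirus.com">Free Virus</a> You gotta "trust" \'me\'
TXT;

// Constructed input: an address field carrying a line break and a second header.
$bad = "joe@example.com\r\nBcc: other@example.com";

echo 'CLEAN:', clean_email($email) ?? '(rejected)', PHP_EOL;
echo 'CLEAN:', scrub($msg), PHP_EOL;
echo 'CLEAN:', clean_email($bad) ?? '(rejected)', PHP_EOL;
```

The scrubbed message is plain text only because of the allow-list; if the allowed set is ever widened, escape the value with `htmlspecialchars()` wherever it is displayed as HTML.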

