Validating form data using hidden fields find online dating profiles se
These definitions are used within this document: Ensure that data is not only validated, but business rule correct.For example, interest rates fall within permitted boundaries.If you want text from a user comment form, it is difficult to decide on a legitimate set of characters because nearly every character has a legitimate use.One solution is to replace all non alphanumeric characters with an encoded version, so "I like your web page", might emerge from your sanitation routines as "I like your web page! (This example uses URL encoding.) You can also go one step further.Here are some examples: If you expect a phone number, you can strip out all non-digit characters.Thus, "(555)123-1234", "555.123.1234", and "555\"; DROP TABLE USER;--123.1234" all convert to 5551231234.
However, simply preventing attacks is not enough - you must perform Intrusion Detection in your applications.This is a dangerous strategy, because the set of possible bad data is potentially infinite.