What are the best methods for sanitizing? For example: $_SERVER['HTTP_USER_AGENT'] and $_SERVER['HTTP_ACCEPT']. I'm thinking XSS here, but how about also against SQL injection?
Nothing works against SQL injections! You just have to check all inputs ($_GET, $_POST, $_FILES, $_COOKIE) before using their data! Use mysql_real_escape_string, or use PDO!
Well, those two examples are part of a script to detect mobile browsers:

$user_agent = $_SERVER['HTTP_USER_AGENT'];
$accept = $_SERVER['HTTP_ACCEPT'];

The variables are used in the script, e.g.:

case (bool) preg_match('/ipad/i', $user_agent):
.....

or later, if no exact browser agent can be found:

case strpos($accept, 'text/vnd.wap.wml') !== false:

I want to make sure the input is sanitized (or not vulnerable) so it isn't open to this type of $_SERVER['PHP_SELF'] XSS vulnerability, if you know what I mean? (I know it's different, but worth checking.) Nothing gets written to a database; I asked that since I thought it would be helpful for anyone else reading. As you may have guessed, I'm no coder (I can write it if I have to, but it isn't my thing).
Don't worry then, as it's not being displayed to the visitor nor stored, so you have nothing to worry about; the cases are validating it, so just leave it as is.
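The reply above is right for the questioner's case: a header that is only compared with preg_match() or strpos() never reaches an HTML or SQL interpreter, so there is nothing to escape. The two places where it would matter are echoing the value back to a visitor (XSS) and writing it to a database (SQL injection). The following is an added example, not code from the thread, showing the same detection script with those two other contexts handled at the point of use; the function names detect_device, html_safe and record_visit, the visits table and the $db connection are assumptions.

```php
<?php
// Added example, not from the thread. Function and table names are hypothetical.
declare(strict_types=1);

// Request headers are attacker-controlled and may be absent, so default to ''.
$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
$accept     = $_SERVER['HTTP_ACCEPT'] ?? '';

// 1. Used only in comparisons (the questioner's situation): no escaping needed,
//    because the string is never interpreted as HTML or SQL. strpos() returns 0
//    when the match is at offset 0, so compare against false rather than 0.
function detect_device(string $user_agent, string $accept): string
{
    switch (true) {
        case (bool) preg_match('/ipad/i', $user_agent):
            return 'ipad';
        case (bool) preg_match('/iphone/i', $user_agent):
            return 'iphone';
        case strpos($accept, 'text/vnd.wap.wml') !== false:
            return 'wap';
        default:
            return 'desktop';
    }
}

// 2. Displayed to a visitor: escape for the HTML context at output time.
//    ENT_QUOTES also covers attribute values such as <input value="...">.
function html_safe(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 3. Stored in a database (the SQL-injection half of the question): bind the
//    value as a parameter so it is never spliced into the SQL text.
//    Assumes a MySQL connection in $db and a hypothetical "visits" table.
function record_visit(PDO $db, string $user_agent, string $device): void
{
    $stmt = $db->prepare(
        'INSERT INTO visits (user_agent, device, seen_at) VALUES (:ua, :device, NOW())'
    );
    $stmt->execute([
        ':ua'     => substr($user_agent, 0, 512), // cap length; headers can be huge
        ':device' => $device,
    ]);
}

$device = detect_device($user_agent, $accept);
echo 'Detected: ' . html_safe($device) . "\n";
echo 'Your browser reports: ' . html_safe($user_agent) . "\n";
```

The point is that "sanitizing" is not a property of the variable but of the sink: the same $user_agent string is safe to compare, must be HTML-escaped to print, and must be parameter-bound to store.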
Since I've helped you, perhaps you can help answer my question... I've been on DP for a while and I'd call myself an active member. After reporting a thread as well as PM'ing numerous staff (mod/admin) (including you), I get no response. Would it be that the staff are too busy, or simply can't help? Thought I'd ask here, seeing as the other methods I've tried (which are encouraged by DP) never worked.
Ah, that can happen if you PM more than one mod at the same time about the same thing. Everyone thinks everyone else has answered. The reported post was dealt with. As for the sticky, there already is one.
I didn't PM more than one mod at the same time; it was more: "Right... you're not replying... perhaps I'll PM another... after a few weeks... as I don't want to seem like I'm bombarding you lot!" Anyhow, I've got the response I wanted, so all sorted.