Wednesday 27 June 2018

php - A set of valid characters for web site passwords



Hi, I was composing a regex for a password field of my site and had a concern:



Are there any characters I should block a user from entering? If so why?



Or is it enough just to escape dangerous characters like = and ' when processing data?
It seems good for this topic to list the PHP functions for escaping those, if you would.




Thanks!


Answer



I hash anything a user enters as a password, so I don't care what they enter; it never touches my database and can't cause any harm:

md5($_POST['password'])



Other fields are a different story...



mysql_real_escape_string() is a great function for escaping data in queries.
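
An added example, not part of the original question or answer: the same idea (restrict nothing but length, hash the password, keep data out of the SQL text) written with password_hash()/password_verify() and PDO bound parameters, the current PHP facilities for this (the mysql_* functions were removed in PHP 7.0). The users table, the in-memory SQLite database and the sample credentials are constructed for the demonstration, and the 8-byte minimum is an assumed policy.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the site's database (assumption; needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function register(PDO $db, string $name, string $password): void
{
    // Constrain length only, never the character set. PASSWORD_DEFAULT is
    // bcrypt at the time of writing, and bcrypt reads at most 72 bytes.
    $len = strlen($password);
    if ($len < 8 || $len > 72) {
        throw new InvalidArgumentException('password must be 8 to 72 bytes');
    }
    // Salted, deliberately slow hash; the output uses only [./A-Za-z0-9$].
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Bound parameters are sent separately from the SQL, so nothing is escaped by hand.
    $stmt = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
    $stmt->execute([':name' => $name, ':hash' => $hash]);
}

function login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // unknown user
    }
    // Re-derives the hash using the salt and cost stored inside $hash.
    return password_verify($password, $hash);
}

// Constructed sample input containing quotes, '=', ';' and non-ASCII characters.
$name     = "o'brien";
$password = "p'=\"; DROP TABLE users;-- ü€";

register($db, $name, $password);
var_dump(login($db, $name, $password));      // same password as registered
var_dump(login($db, $name, "' OR '1'='1"));  // different password
var_dump((int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn()); // row count
```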

