StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POIs this enough for a secure site? (4 small functions)
primarykey
Id
7946652
data
AcceptedAnswerId
0
AnswerCount
1
ClosedDate
2011-10-30T18:07:15.137
CommentCount
2
CommunityOwnedDate
CreationDate
2011-10-30T17:45:29.893
FavoriteCount
3
LastActivityDate
2011-10-30T18:00:44.867
LastEditDate
2017-05-23T12:03:36.467
LastEditorUserId
-1
OwnerUserId
997407
ParentId
0
PostTypeId
1
Score
2
ViewCount
114
LastEditorDisplayName
text
Body
<blockquote> Possible Duplicate: <a href="https://stackoverflow.com/questions/4223980/php-the-ultimate-clean-secure-function">PHP: the ultimate clean/secure function</a> </blockquote> I revised my site's security filters today. I used to filter input and do nothing with the output. Here it is: All user inputted variables go through these 2 functions depending on the type: PS: Since I didn't start coding from scratch I did it for all variables, including the ones that aren't aren't used in queries. I understand that this is a performance killer and will be undoing that. Better safe than sorry right? <pre><code>// numbers (I expect very large numbers) function intfix($i) { $i = preg_replace('/[^\d]/', '', $i); if (!strlen($i)) $i = 0; return $i; } // escape non-numbers function textfix($value) { $value = mysql_real_escape_string($value); return $value; } </code></pre> XSS preventing: Input - filters user submitted text, like posts and messages. As you see it's currently empty. Not sure if strip_tags is needed. Output - on all html outputs <pre><code>function input($input){ //$input = strip_tags($input, ""); return $input; } function output($bbcode){ $bbcode = textWrap($bbcode); // textwrap breaks long words $bbcode = htmlentities($bbcode,ENT_QUOTES,"UTF-8"); $bbcode = str_replace("\n", " ", $bbcode); // then some bbcode (removed) and the img tag $urlmatch = "([a-zA-Z]+[:\/\/]+[A-Za-z0-9\-_]+\\.+[A-Za-z0-9\.\/%&=\?\-_]+)"; $match["img"] = "/\[img\]".$urlmatch."\[\/img\]/is"; $replace["img"] = "<center><img src=\"$1\" class=\"max\" /></center>"; return $bbcode; } </code></pre> I included the img tag because it could be vulnerable to css... What do you think? Anything obviously wrong? Good enough?
Tags
<php><mysql><security>
Title
Is this enough for a secure site? (4 small functions)
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USCommunity
UserOwnerUserId
1. USdomino
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTDuplicate
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POIs this enough for a secure site? (4 small functions)
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POIs this enough for a secure site? (4 small functions)
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POIs this enough for a secure site? (4 small functions)
 UserUserId
 USSibbo
 VoteTypeVoteTypeId
 VTFavorite
CommentsPostId
1. COWhat do you mean a duplicate? If anything I used to filter input the same way before recoding the functions.
 singulars
 PostPostId
 POIs this enough for a secure site? (4 small functions)
 UserUserId
 USdomino
2. COWith possible duplicate I mean that a part of the context of your question has been already covered by another question. You question looks to me that you want to learn how to do proper encoding, however it looks much intermixed with multiple domains of content, so I suggested a duplicate question that has this same problem as it's topic. For example you're `mysql_real_escape_string` without having it related to anything mysql.
 singulars
 PostPostId
 POIs this enough for a secure site? (4 small functions)
 UserUserId
 UShakre

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.