Dec 5, 2000, 10:42 AM
Post #2 of 2
Re: Not used characters in file name!
Well, stuff like "|\^$@!~`*" all means something in regular expressions, so I assume that if you perform a regex on what someone sent to your script and one of those characters was in there, then they might cause an internal server error, or worse yet actually do something nasty to the data you were trying to manip. I haven't done any tests yet, but now I will just to see. Also, depending on what you use to separate your fields, maybe a pipe, if they put a pipe in the input field and you write that to your database, that record is then corrupted, because the fields wouldn't be in the same order as the rest of the records.
According to Corel's Paradox, the world would be coming to an end and the whole database would be totally unusable.
As far as someone messing up your server by way of input field, I think you have to be running system or eval commands for something like that to happen, but that's something I don't have experience with, you'll just have to search around for some security docs. There are a ton of CGI security docs out there.
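The two problems raised in the post above (regex metacharacters in submitted text, and a pipe in a field shifting the columns of a pipe-delimited record), handled defensively in an added example that is not part of the original thread. Python, the backslash escape scheme and the function names are assumptions of this example; the post names only a pipe separator.

```python
import re

DELIM = "|"   # field separator assumed for the flat-file database
ESC = "\\"    # escape character (an assumption of this example)

def encode_field(value: str) -> str:
    """Escape the escape char, the delimiter and line breaks so one field stays one field."""
    out = []
    for ch in value:
        if ch == ESC or ch == DELIM:
            out.append(ESC + ch)
        elif ch == "\n":
            out.append(ESC + "n")
        elif ch == "\r":
            out.append(ESC + "r")
        else:
            out.append(ch)
    return "".join(out)

def encode_record(fields):
    return DELIM.join(encode_field(f) for f in fields)

def decode_record(line: str):
    """Split on unescaped delimiters only, undoing encode_field."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == ESC and i + 1 < len(line):
            nxt = line[i + 1]
            cur.append({"n": "\n", "r": "\r"}.get(nxt, nxt))
            i += 2
        elif ch == DELIM:
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    fields.append("".join(cur))
    return fields

def literal_search(user_text: str, haystack: str) -> bool:
    """Match user input as literal text; re.escape neutralises | \\ ^ $ * and friends."""
    return re.search(re.escape(user_text), haystack) is not None

# Constructed sample input: a form submission containing the characters from the post.
SAMPLE = ["alice", "a|b\\c^$@!~`*", "line1\nline2"]
```

Writing `encode_record(SAMPLE)` to the file keeps the record on one line with three fields, whereas a plain `"|".join(SAMPLE)` would produce four.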