I am using `$_COOKIE` variables in method calls, SQL queries and file calls - and it is necessary to escape / rewrite this user-data for better security (avoid injection attacks and the like). How would you recommend this is done?
Some ideas from built-in escape function ... to get the juices flowing:
- Add backslashes to `\x00`, `\n`, `\r`, `\`, `'`, `"` and `\x1a` to make the string safe for SQL queries - as in `mysql_real_escape_string()`.
- Limit the number of accepted characters to `[a-zA-Z0-9 _-\.]` (where "`\.`" is an escaped "."-dot).
Your inputs are appreciated. Thanks.
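
One way to combine the ideas in the question, as an added example that is not part of the original post: the cookie value is checked against the character allowlist, the SQL value is bound as a parameter rather than escaped into the query, and a file name is resolved against a base directory. The function names, the `users` table, the `templates` directory and the in-memory SQLite database (used so the example runs offline; it needs the pdo_sqlite extension) are assumptions.

```php
<?php
// Added example; all names below are hypothetical, not from the original post.

// Allowlist from the question: letters, digits, space, underscore, dot, hyphen.
// The hyphen is placed last in the class so it is a literal and not a range.
function cookie_value(array $cookies, string $name, int $maxLen = 64): ?string
{
    $v = $cookies[$name] ?? null;
    // Reject missing values, array-valued cookies (name[]=...) and oversized input.
    if (!is_string($v) || $v === '' || strlen($v) > $maxLen) {
        return null;
    }
    // \A and \z anchor the whole string; "$" alone would accept a trailing newline.
    return preg_match('/\A[a-zA-Z0-9 _.-]+\z/', $v) === 1 ? $v : null;
}

// SQL: bind the value as a parameter instead of escaping it into the query text.
function find_user(PDO $db, string $token): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE token = ?');
    $stmt->execute([$token]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Files: the allowlist still permits "..", so resolve the path and confirm
// that the result stays inside $baseDir before opening anything.
function safe_path(string $baseDir, string $file): ?string
{
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $file);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed sample input standing in for $_COOKIE.
$cookies = ['token' => 'abc-123', 'theme' => "x' OR '1'='1", 'tpl' => '..'];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER, name TEXT, token TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 'abc-123')");

$token = cookie_value($cookies, 'token');
var_dump($token !== null ? find_user($db, $token) : null);
var_dump(cookie_value($cookies, 'theme'));
$tpl = cookie_value($cookies, 'tpl');
var_dump($tpl !== null ? safe_path(__DIR__ . '/templates', $tpl) : null);
```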