paolo@bimodesign.com | +34 608 61 64 10


PHP - Avoid script injection

To avoid script injection in a form, maybe the best way is to apply this regexp rule to the input data.

/((\%3C)|(\<)|<)(script\b)[^>]*((\%3E)|(\>)|>)(.*?)((\%3C)|(\<)|<)(\/script)((\%3E)|(\>)|>)|((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/is
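
One way to apply the rule above to submitted form data, as an added example that is not code from the original page. The helper names (has_script_injection, rejected_fields, html_out) and the sample form values are assumptions made for illustration, and the htmlspecialchars() output encoding is an addition the page does not mention.

```php
<?php
declare(strict_types=1);

// The page's pattern, verbatim, in a single-quoted string so PHP leaves the backslashes alone.
const SCRIPT_INJECTION_RE = '/((\%3C)|(\<)|<)(script\b)[^>]*((\%3E)|(\>)|>)(.*?)((\%3C)|(\<)|<)(\/script)((\%3E)|(\>)|>)|((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/is';

// Hypothetical helper: true when $value contains a script block or an img tag.
function has_script_injection(string $value): bool
{
    $result = preg_match(SCRIPT_INJECTION_RE, $value);
    // preg_match() returns false on a PCRE error (for example the backtrack
    // limit on a very long value); treat that as a rejection, not a pass.
    return $result !== 0;
}

// Hypothetical helper: names of the form fields that must be rejected.
function rejected_fields(array $form): array
{
    $rejected = [];
    foreach ($form as $name => $value) {
        // Arrays (field[]=...) are rejected too: the pattern only checks strings.
        if (!is_string($value) || has_script_injection($value)) {
            $rejected[] = $name;
        }
    }
    return $rejected;
}

// Encode for an HTML context on output, whatever the input filter decided.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample standing in for $_POST.
$form = [
    'name'    => 'Ana',
    'comment' => 'Nice <b>site</b>',                                  // markup the pattern does not list
    'bio'     => '<ScRiPt type="text/javascript">alert(1)</script>',  // mixed-case script block
    'avatar'  => '%3Cimg src=x%3E',                                   // URL-encoded img tag
    'tags'    => ['a', 'b'],                                          // non-string field
];

echo 'Rejected: ', implode(', ', rejected_fields($form)), PHP_EOL;
echo 'Comment as HTML: ', html_out($form['comment']), PHP_EOL;
```

The pattern lists only script blocks and img tags, so other markup, such as the <b> in the sample comment, passes the filter. Encoding every value with htmlspecialchars() when it is written into the page covers what the input rule does not list.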