input-sanitization

How to use JSON Sanitizer at Server Side?

大兔子大兔子 submitted on 2019-12-05 11:39:52
I want to implement the 'JSON Sanitizer' validation as mentioned by OWASP. My understanding is that this needs to be done in two places: JSON data (in Request) received from Client or Other Systems - This needs to be sanitized at Server side before being processed JSON data (in Response) to be sent to Client - This needs to be sanitized at Server side before being sent to client Is it sufficient that I just call a sanitizing method in JSON Sanitizing library on that JSON Data ? Will that perform all sanitization or are there any other validations to be done in this regard ? The OWASP JSON

Sanitizing a Date

柔情痞子 submitted on 2019-12-03 16:14:22
I am using a javascript date picker that allows the user to select a date. However, I would like to also sanitize the posted date data before entering into the database. I am not seeing any sanitize filter here: http://us2.php.net/manual/en/filter.filters.sanitize.php What would be the best method to sanitize a date before entering into a database? This would be the original value from the post: $datepick = $_POST['date']; // which is 04/12/2014 Then I convert it for the database: $date = date("Y-m-d", strtotime($datepick)); Thanks! If your date is like "03/02/2014" then you can simply clean

Sanitizing input but output not as expected

孤街浪徒 submitted on 2019-12-02 02:40:07
This is one of my forms (PHP+MySQL, textarea replaced by TinyMCE). It records description with paragraphs, bullets, headings and text alignment (right, left, center and justify). Once submitted, the record appears as <p style="text-align: justify;"><strong>Introduction</strong></p> <p style="text-align: justify;">The death of the pixel leaves you with a flowing, magazine-quality canvas to design for. A canvas where curves are curves, not ugly pixel approximations of curves. A canvas that begins to blur the line between what we consider to be real and what we consider to be virtual.</p> <p style

JavaScript-based X/HTML & CSS sanitization

谁说我不能喝 submitted on 2019-12-01 20:27:39
Question: Before everyone tells me that I shouldn't do client-side sanitization (I do in fact intend to do it on a client, though it could work in SSJS as well), let me clarify what I'm trying to do. I'd like something, akin to Google Caja or HTMLPurifier but for JavaScript: a whitelist-based security approach which processes HTML and CSS (not already inserted into the DOM of course, which would not be safe, but first obtained in string form) and then selectively filters out unsafe tags or attributes,

JavaScript-based X/HTML & CSS sanitization

会有一股神秘感。 submitted on 2019-12-01 18:40:27
Before everyone tells me that I shouldn't do client-side sanitization (I do in fact intend to do it on a client, though it could work in SSJS as well), let me clarify what I'm trying to do. I'd like something, akin to Google Caja or HTMLPurifier but for JavaScript: a whitelist-based security approach which processes HTML and CSS (not already inserted into the DOM of course, which would not be safe, but first obtained in string form) and then selectively filters out unsafe tags or attributes, ignoring them or optionally including them as escaped text or otherwise allowing them to be reported to

PHP input sanitizer?

纵饮孤独 submitted on 2019-11-30 23:05:11
What are some good PHP html (input) sanitizers? Preferably, if something is built in - I'd like to use that. UPDATE : Per the request, via comments, input should not allow HTML (and obviously prevent XSS & SQL Injection, etc). html purifier -> http://htmlpurifier.org/ I've always used PHP's addslashes() and stripslashes() functions, but I also just saw the built-in filter_var() function (link). Looks like there are quite a few built-in filters. If you want to run a query that use let's say $_GET['user'] a nice solution would be to do something like this using mysql_real_escape_string() : <

PHP input sanitizer?

和自甴很熟 submitted on 2019-11-30 17:51:13
Question: What are some good PHP html (input) sanitizers? Preferably, if something is built in - I'd like to use that. UPDATE : Per the request, via comments, input should not allow HTML (and obviously prevent XSS & SQL Injection, etc). Answer 1: html purifier -> http://htmlpurifier.org/ Answer 2: I've always used PHP's addslashes() and stripslashes() functions, but I also just saw the built-in filter_var() function (link). Looks like there are quite a few built-in filters. Answer 3: If you want to run a query that

How can I protect against SQL injection attacks using Perl's DBI?

。_饼干妹妹 submitted on 2019-11-28 05:15:48
Is there a function I can use in Perl to sanitize input before putting it into a MySQL db? I don't know regex very well so before I make my own function I was wondering if there was already one made. friedo The proper way to sanitize data for insertion into your database is to use placeholders for all variables to be inserted into your SQL strings. In other words, NEVER do this: my $sql = "INSERT INTO foo (bar, baz) VALUES ( $bar, $baz )"; Instead, use ? placeholders: my $sql = "INSERT INTO foo (bar, baz) VALUES ( ?, ? )"; And then pass the variables to be replaced when you execute the query:

How can I protect against SQL injection attacks using Perl's DBI?

我怕爱的太早我们不能终老 submitted on 2019-11-27 00:51:41
Question: Is there a function I can use in Perl to sanitize input before putting it into a MySQL db? I don't know regex very well so before I make my own function I was wondering if there was already one made. Answer 1: The proper way to sanitize data for insertion into your database is to use placeholders for all variables to be inserted into your SQL strings. In other words, NEVER do this: my $sql = "INSERT INTO foo (bar, baz) VALUES ( $bar, $baz )"; Instead, use ? placeholders: my $sql = "INSERT INTO foo

How to escape strings in SQL Server using PHP?

你。 submitted on 2019-11-25 23:18:25
Question: I'm looking for the alternative of mysql_real_escape_string() for SQL Server. Is addslashes() my best option or there is another alternative function that can be used? An alternative for mysql_error() would also be useful. Answer 1: addslashes() isn't fully adequate, but PHP's mssql package doesn't provide any decent alternative. The ugly but fully general solution is encoding the data as a hex bytestring, i.e. $unpacked = unpack('H*hex', $data); mssql_query(' INSERT INTO sometable (somecolumn)