Creating an array of “banished words”

Keep adding to the list

         

henry0

9:29 pm on Sep 4, 2007 (gmt 0)


Among the many security steps I am building, I want to add an extra layer.
In the same way I made my bad words filter, I am creating a “banished words” array aiming at filtering registered users’ input.

Some might be used in daily language, like “drop”,
but it will not be allowed and my script will suggest a choice of synonyms.
As a starter:
SQL
MySQL
DROP
UNLINK
PASSWORD
USERNAME

Your turn… please keep adding.

eelixduppy

12:03 am on Sep 5, 2007 (gmt 0)



If you are going to continue along the same path, you are going to need to add all of the reserved words [dev.mysql.com] into the filter; however, this doesn't make much sense. For example, unless your script needs to DROP a table at any point in time, the MySQL account you are using should not have the permissions to drop a table. If all you are doing is selecting and updating data, then the permissions for that MySQL account should be set for only that. This is that "added layer of security" that you are looking for. If you filter all of the reserved words, you are going to create problems for yourself.

Also, of course, you should be handling the input correctly in the first place, escaping the data when needed.
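
The two pieces of advice in the reply above, side by side with the word-list approach, as an added example that is not code from either poster. It assumes Python's `sqlite3` with an in-memory database standing in for MySQL, and uses `set_authorizer` to imitate an account that was only granted SELECT, INSERT and UPDATE; the table and function names are hypothetical.

```python
import sqlite3

# Starter list from the first post.
BANISHED = {"sql", "mysql", "drop", "unlink", "password", "username"}

def word_filter_rejects(text):
    """The word-list approach: reject input that contains any listed word."""
    return any(w.strip(".,;!?'\"").lower() in BANISHED for w in text.split())

# Actions the application connection may perform; DROP, ALTER, DELETE
# and everything else are denied by the database itself.
ALLOWED = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_INSERT,
           sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_TRANSACTION}

def authorizer(action, arg1, arg2, db_name, source):
    return sqlite3.SQLITE_OK if action in ALLOWED else sqlite3.SQLITE_DENY

def make_app_connection():
    conn = sqlite3.connect(":memory:", isolation_level=None)
    # Schema setup happens before privileges are reduced.
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    conn.set_authorizer(authorizer)  # from here on: least privilege
    return conn

def save_comment(conn, body):
    # Placeholder binding: body travels as data and is never parsed as SQL.
    cur = conn.execute("INSERT INTO comments (body) VALUES (?)", (body,))
    return cur.lastrowid

def load_comment(conn, comment_id):
    row = conn.execute("SELECT body FROM comments WHERE id = ?",
                       (comment_id,)).fetchone()
    return row[0] if row else None

def app_can_drop(conn):
    """True only if this connection is permitted to drop the table."""
    try:
        conn.execute("DROP TABLE comments")
        return True
    except sqlite3.DatabaseError:  # raised as "not authorized"
        return False

if __name__ == "__main__":
    conn = make_app_connection()
    body = "It's fine to DROP by; my username is on the card."  # constructed sample
    print("word filter rejects it:", word_filter_rejects(body))
    cid = save_comment(conn, body)
    print("stored unchanged:", load_comment(conn, cid) == body)
    print("connection can drop table:", app_can_drop(conn))
```

The ordinary sentence is refused by the word list, yet it is stored and read back intact through bound parameters, and the DROP statement fails because the connection lacks the privilege.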