3 PHP Security Anti-Patterns
This chapter looks at various contributors to insecure code. These range from cases of
simple misinformation to simple forgetfulness. Many common scenarios are shown
that can be identified and changed to better practices and habits.
Anti-Pattern #1
Not Matching Data Character Set to Filter Character Set
Mismatches between the character set of the data being parsed and the functions
performing the parsing are a systemic, root-level problem. If web security in
the scripting environment of PHP, JavaScript, MySQL, and HTML depends on
how characters are interpreted, then care must be taken from the start to ensure that
a string of user-supplied text is in the expected character encoding, and
every filte ...
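
One way to keep the data's character set and the filter's character set in agreement in PHP, shown as an added example that is not code from the original chapter. The names `APP_CHARSET`, `acceptText` and `escapeHtml`, the choice of UTF-8, and the sample strings are assumptions made for the illustration; the `mbstring` extension is required.

```php
<?php
declare(strict_types=1);

// Added example: helper names are hypothetical, sample inputs are constructed.
const APP_CHARSET = 'UTF-8'; // assumed single charset for the whole application

/**
 * Accept user text only if it is well-formed in the expected charset.
 * Returns null for input that must be rejected.
 */
function acceptText(string $raw, int $maxChars = 200): ?string
{
    // Reject byte sequences that are not valid in APP_CHARSET instead of guessing.
    if (!mb_check_encoding($raw, APP_CHARSET)) {
        return null;
    }
    // Measure length in characters of the same charset, not in bytes.
    if (mb_strlen($raw, APP_CHARSET) > $maxChars) {
        return null;
    }
    return $raw;
}

/** Escape for HTML output with the same charset the validator checked. */
function escapeHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, APP_CHARSET);
}

// Constructed sample inputs.
$samples = [
    'valid utf-8'     => "Zo\u{00EB} <b>", // well-formed UTF-8
    'latin-1 bytes'   => "Zo\xEB <b>",     // ISO-8859-1 byte 0xEB, malformed as UTF-8
    'truncated utf-8' => "abc\xC3",        // multibyte lead byte with no continuation
];

foreach ($samples as $label => $raw) {
    $clean = acceptText($raw);
    if ($clean === null) {
        // Show the raw bytes as hex so the rejected sequence can be inspected safely.
        printf("%-16s rejected (%s)\n", $label, bin2hex($raw));
        continue;
    }
    printf("%-16s accepted -> %s\n", $label, escapeHtml($clean));
}
```

Only the first sample is accepted and escaped; the other two are rejected before any filter has to interpret bytes that are malformed in the declared character set.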