Secure AJAX Shopping Cart
//limit the input to the maximum product code length, counted in characters rather than bytes
$productCode = mb_substr($_POST["remove"], 0, PRODUCT_CODE_LENGTH, "UTF-8");
STEP 2
//use a substitution character so that malicious code
//cannot be formed by dropping characters
mb_substitute_character(0xFFFD);
STEP 3
//ensure utf-8 compliance
$productCode = mb_convert_encoding($productCode, "UTF-8");
STEP 4
//now filter properly because string and filter are of same type
$productCode = filter_var($productCode, FILTER_SANITIZE_STRING);
//OR
//MORE PRECISE BUSINESS DATA TYPE VALIDATION
//BASED ON BUSINESS RULE AND TABLE COLUMN SPECIFICATION
//use regular expression to validate a specific business rule
// A valid product code is 5 characters of mixed uppercase A-Z and 0-9
//NOTE* sql table column definition for
//product code ...
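The four steps above combined into one validation function, as an added example rather than the book's own code. PRODUCT_CODE_LENGTH is assumed to be 5 (from the regex comment), the regex route is used for STEP 4, and the sample inputs are constructed stand-ins for $_POST["remove"].

```php
<?php
declare(strict_types=1);

// Assumed value: the page references the constant but does not define it here
const PRODUCT_CODE_LENGTH = 5;

// Returns the validated product code, or null when the input must be rejected
function validateProductCode(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null; // arrays or missing fields never reach the regex
    }

    // STEP 1: cap the length in characters, not bytes
    $code = mb_substr($raw, 0, PRODUCT_CODE_LENGTH, "UTF-8");

    // STEP 2: invalid sequences become U+FFFD instead of being dropped,
    // so no new string can be "assembled" by removing bytes.
    // Must be set before mb_convert_encoding() for it to take effect.
    mb_substitute_character(0xFFFD);

    // STEP 3: ensure UTF-8 compliance (source encoding given explicitly)
    $code = mb_convert_encoding($code, "UTF-8", "UTF-8");

    // STEP 4: business-rule validation with a whitelist regex.
    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; the regex is
    // both portable and stricter, so it is used here.
    if (preg_match('/^[A-Z0-9]{5}$/', $code) !== 1) {
        return null;
    }
    return $code;
}

// Constructed sample inputs (not from the book)
$samples = [
    "AB12Z",        // valid
    "AB12Z-EXTRA",  // over-length: STEP 1 truncates to "AB12Z" (truncation, not rejection, as on the page)
    "ab12z",        // lowercase: rejected by the regex
    "AB1\xC3Z",     // truncated multibyte sequence: becomes U+FFFD, rejected
    "AB12",         // too short: rejected
];
foreach ($samples as $s) {
    $result = validateProductCode($s);
    // addcslashes keeps the invalid byte printable in the report
    printf("%-16s => %s\n", addcslashes($s, "\0..\37\177..\377"),
        $result === null ? "REJECT" : "OK ($result)");
}
```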