[nycphp-talk] Filtering form input
Aaron Fischer
agfische at email.smith.edu
Thu Jul 27 11:40:25 EDT 2006
Greetings listers,
I'm working on some new forms and would like to make them more secure by
filtering the input. I recently purchased and have at least partially
digested Essential PHP Security by Chris Shiflett and The PHP Anthology
by Harry Fuecks. Based on this material I can see two possible paths ahead.
1. Use the clean_array() approach and filter input data using PHP
methods and/or regex expressions.
2. Install the Pear package HTML_QuickForm and use for validating
(filtering) input data.
I was leaning toward #1 but have very little experience with regex.
It's probably implausible, particularly given time constraints, for me
to attempt to build regex expressions for my form fields. Are there any
resources online for regex expressions that people would recommend for
filtering input? Secondly, in Chris's book I see ctype_alnum() and
html_entities() as two methods recommended to use for filtering. Are
there other PHP methods folks would recommend?
I slogged through Pear and HTML_QuickForm a bit. I haven't worked with
Pear packages yet and am in a shared hosting environment, so I'm
currently attempting to see what, if anything, is enabled and/or
installed for Pear on my server.
Would appreciate any advice or recommendations for how to proceed with
either method #1 or #2. At this point I would be satisfied with minimal
improvements to security as it would be a step in the right direction
and I can improve my filtering techniques during the next project.
Thanks,
-Aaron
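To make path #1 concrete, here is an added example of the clean_array() style of filtering (written for this page, not code from the original post or from Shiflett's or Fuecks' books). It assumes PHP 7.4 or later and uses only the functions already mentioned above plus preg_match() and filter_var(); the field names and rules are illustrative assumptions. The key points it demonstrates: nothing reaches $clean unless a rule explicitly accepts it, unknown fields are dropped, and htmlentities() is applied at output time rather than used as an input filter.

```php
<?php
// Added example (not from the original post): a minimal whitelist
// filter in the clean_array() style. Assumes PHP >= 7.4.

// Validation rules: field name => callable returning true if the raw
// value is acceptable. Field names and limits are assumptions here.
$rules = [
    // ctype_alnum() only accepts strings, so guard with is_string() first.
    'username' => fn($v) => is_string($v) && ctype_alnum($v) && strlen($v) <= 32,
    // ctype_digit() rejects signs, spaces and decimals; range-check after.
    'age'      => fn($v) => is_string($v) && ctype_digit($v)
                            && (int)$v >= 0 && (int)$v <= 150,
    // Use \A and \z, not ^ and $: in PCRE, $ still matches before a
    // trailing newline, so "12345\n" would pass with ^...$.
    'zip'      => fn($v) => is_string($v) && preg_match('/\A[0-9]{5}\z/', $v) === 1,
    'email'    => fn($v) => is_string($v)
                            && filter_var($v, FILTER_VALIDATE_EMAIL) !== false,
];

function clean_array(array $input, array $rules): array
{
    $clean = [];
    foreach ($rules as $field => $isValid) {
        // A field that is missing or fails its rule is simply absent from
        // $clean. Code that follows checks isset($clean['...']) and never
        // reads $_POST directly.
        if (array_key_exists($field, $input) && $isValid($input[$field])) {
            $clean[$field] = $input[$field];
        }
    }
    return $clean;
}

// Escape for HTML output. Filtering input does not replace escaping
// output; the two address different problems.
function h(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample request standing in for $_POST.
$post = [
    'username' => 'aaron<script>',          // rejected: not alphanumeric
    'age'      => '42',
    'zip'      => '01063',
    'email'    => 'agfische@example.com',
    'extra'    => 'ignored',                // no rule for it, so dropped
];

$clean = clean_array($post, $rules);
print_r($clean);  // age, zip and email survive; username and extra do not

if (isset($clean['zip'])) {
    echo '<p>ZIP: ' . h($clean['zip']) . "</p>\n";
}
```

This covers the "minimal improvement" goal in the post: the rules can start as crude as ctype_alnum() and be tightened per field later without changing how the rest of the form code consumes $clean. On a shared host it also needs nothing beyond core PHP, unlike the PEAR route.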