Thanks a lot for this great explanation for preventing SQL and XSS through RegEx.
After reading your article I've been trying hard to find a tool (web or Mac) to convert ANY character to its hex representation.
I looked up the PHP documentation and googled for an hour but can't find anything that will convert ANY character.
As you suggest converting several occurrences of "or" etc. to their hex representation as well, I thought one should convert keywords such as "union, select etc." as well.
Could you please post a hint where one can find a tool for this type of conversion of strings?
Thanks so much !!
Link to this comment: http://www.securityfocus.com/comments/infocus/1768/1320#1320
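The conversion asked about in the comment above, as an added example that is not part of the comment or of the article it replies to: it percent-hex-encodes any character and builds a detection regex in which each character of a keyword matches either literally or in its hex form. The function names and the sample query strings are constructed for illustration.

```python
import re

def percent_hex(text):
    """Percent-encode every UTF-8 byte of text, e.g. 'or' -> '%6f%72'."""
    return "".join("%{:02x}".format(b) for b in text.encode("utf-8"))

def hex_forms(ch):
    """Hex spellings of one character in both letter cases."""
    return sorted({percent_hex(ch.lower()), percent_hex(ch.upper())})

def keyword_pattern(keyword):
    """Regex fragment: each character as a literal or as its hex form."""
    parts = []
    for ch in keyword:
        alts = [re.escape(ch)] + [re.escape(h) for h in hex_forms(ch)]
        parts.append("(?:" + "|".join(alts) + ")")
    return "".join(parts)

def find_keywords(text, keywords=("union", "select")):
    """Return the keywords seen in text, plain, encoded, or mixed."""
    # IGNORECASE covers both letter case and the case of the hex digits.
    return [k for k in keywords
            if re.search(keyword_pattern(k), text, re.IGNORECASE)]

# Constructed sample query strings (not taken from any real log).
SAMPLES = [
    "id=1+UNION+SELECT+name",
    "id=1+%55nion+%73E%6Cect+name",
    "q=holiday+photos",
]

if __name__ == "__main__":
    print(percent_hex("or"))
    print(keyword_pattern("or"))
    for sample in SAMPLES:
        print(sample, "->", find_keywords(sample))
```

The pattern has no word boundaries, so a short keyword such as "or" will also match inside ordinary words and needs the surrounding context of the full signature.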