<![CDATA[FrontAccounting forum — Forbidden characters of Item code input]]> 2017-12-25T14:47:36Z PunBB https://frontaccounting.com/punbb/viewtopic.php?id=7218 <![CDATA[Re: Forbidden characters of Item code input]]> The user input control functions that provide the dropdown select box php code should not get confused and the search delimiters should not be ambiguous. URL encoding too will convert space to "+".

We can also add the back tick character to the forbidden list it as well - "`". A semicolon too may be added to the list.

Here is an elegant way to check a string for presence of any character in an array:

$arrayOfBadCharacters =array(' ', "'", '"', '+', '&', chr(9), chr(10), chr(13), '`', ';');
$chars = preg_quote(implode('', $arrayOfBadCharacters));
if(preg_match('/['.$chars.']/', $_POST['NewStockID']) {
    // bad character(s) found
}

These bad characters may be stripped off and the code used instead of throwing an error.

]]> https://frontaccounting.com/punbb/profile.php?id=364 2017-12-25T14:47:36Z https://frontaccounting.com/punbb/viewtopic.php?pid=30285#p30285 <![CDATA[Forbidden characters of Item code input]]> Line 182 of inventory/manage/items.php should be

elseif (strstr($_POST['NewStockID'], "-") || strstr($_POST['NewStockID'],"'") ||

to prevent the - symbol entered by user
Can someone explain about the forbidden characters in the Item code (- ' " + & space), is the reason security ?

]]> https://frontaccounting.com/punbb/profile.php?id=36772 2017-12-25T13:07:19Z https://frontaccounting.com/punbb/viewtopic.php?pid=30284#p30284