<![CDATA[FrontAccounting forum — Forbidden characters of Item code input]]> https://frontaccounting.com/punbb/viewtopic.php?id=7218 Mon, 25 Dec 2017 14:47:36 +0000 PunBB <![CDATA[Re: Forbidden characters of Item code input]]> https://frontaccounting.com/punbb/viewtopic.php?pid=30285#p30285 The user input control functions that provide the dropdown select box php code should not get confused and the search delimiters should not be ambiguous. URL encoding too will convert space to "+".

We can also add the back tick character to the forbidden list it as well - "`". A semicolon too may be added to the list.

Here is an elegant way to check a string for presence of any character in an array:

$arrayOfBadCharacters =array(' ', "'", '"', '+', '&', chr(9), chr(10), chr(13), '`', ';');
$chars = preg_quote(implode('', $arrayOfBadCharacters));
if(preg_match('/['.$chars.']/', $_POST['NewStockID']) {
    // bad character(s) found
}

These bad characters may be stripped off and the code used instead of throwing an error.

]]> Mon, 25 Dec 2017 14:47:36 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=30285#p30285 <![CDATA[Forbidden characters of Item code input]]> https://frontaccounting.com/punbb/viewtopic.php?pid=30284#p30284 Line 182 of inventory/manage/items.php should be

elseif (strstr($_POST['NewStockID'], "-") || strstr($_POST['NewStockID'],"'") ||

to prevent the - symbol entered by user
Can someone explain about the forbidden characters in the Item code (- ' " + & space), is the reason security ?

]]> Mon, 25 Dec 2017 13:07:19 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=30284#p30284