I have a lot of inputs on the client side.
The values are sent to a PHP server as a JSON string.
I need to ensure that none of the values contains any HTML tag or an executable function.
I hope it is enough to check for some disallowed characters or strings like these: <, [, {, (), function
The question is: is this way secure enough?
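    // Decode the JSON string into an associative array and take its values
    $arr = json_decode($str, true);
    $values = array_values($arr);
    $err = 0;
    // Flag the input if any value contains one of the disallowed strings
    foreach ($values as $val) {
        if (str_contains($val, "<") ||
            str_contains($val, "[") ||
            str_contains($val, "()") ||
            str_contains($val, "{") ||
            str_contains($val, "function")) {
            $err = 1;
        }
    }
    // Reject the whole request if anything was flagged
    if ($err == 1) {
        echo 'INPUT IS NOT ALLOWED';
        exit();
    }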
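
An added example, not part of the original post: the usual alternative to a character blacklist is to validate each expected field against an allowlist on input and to encode for the HTML context on output. The function name `validate_inputs`, the field names, the patterns and the sample JSON are all assumptions made for illustration.

```php
<?php
// Hypothetical per-field allowlist: every expected key maps to the pattern its value must match.
$rules = [
    'name'    => '/\A[\p{L} \'-]{1,60}\z/u',                     // letters, space, apostrophe, hyphen
    'age'     => '/\A\d{1,3}\z/',                                // digits only
    'comment' => '/\A[^\x00-\x08\x0B\x0C\x0E-\x1F]{0,500}\z/u',  // free text, no control characters
];

function validate_inputs(string $json, array $rules): array
{
    try {
        // Depth limit and exceptions instead of a silent null on malformed JSON
        $data = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        throw new InvalidArgumentException('Malformed JSON');
    }
    if (!is_array($data)) {
        throw new InvalidArgumentException('Expected a JSON object');
    }
    $clean = [];
    foreach ($rules as $key => $pattern) {
        $val = $data[$key] ?? null;
        // Nested arrays, numbers, booleans and null are rejected here,
        // so string functions never receive a non-string value.
        if (!is_string($val) || preg_match($pattern, $val) !== 1) {
            throw new InvalidArgumentException("Invalid value for '$key'");
        }
        $clean[$key] = $val;
    }
    return $clean; // keys not listed in $rules are dropped
}

// Constructed sample input. The comment holds a harmless "<" that the blacklist
// would reject, and a double quote that the blacklist would let through.
$json = '{"name":"Ann O\'Neil","age":"34","comment":"if a < b then x\" data-test=\"1"}';
$in = validate_inputs($json, $rules);

// Encode when the value is written into HTML; ENT_QUOTES covers attribute values.
$e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

echo '<input name="comment" value="' . $e($in['comment']) . '">', "\n";
// The quote and "<" arrive in the page as &quot; and &lt;, so the value stays inside the attribute.
```

Values written into other contexts (a SQL query, a JavaScript string, a URL) need that context's own mechanism, such as prepared statements or `json_encode`, rather than `htmlspecialchars`.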