Possible Duplicate: How to properly escape html form input default values in php? I

Question

0

Editorial Team

Asked: June 16, 20262026-06-16T19:52:12+00:00 2026-06-16T19:52:12+00:00

Possible Duplicate: How to properly escape html form input default values in php? I

0

Possible Duplicate:
How to properly escape html form input default values in php?

I am currently using:

if (isset($_GET['b']))
{
  $bb = $_GET['b'];
  echo 'found';
}
else
{
  $bb = 'white';
  echo 'notfound';
}

and

<body bgcolor="<?php echo $bb; ?>">

to allow the users to set the color of the page, what would be the safest method to avoid injection?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-16T19:52:13+00:00

Assuming you are expecting a color, you could use a regex for hexadecimal colors:

^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$

and the list of the 17 standard colors: aqua, black, blue, fuchsia, gray, grey, green, lime, maroon, navy, olive, purple, red, silver, teal, white, and yellow:

$standards = array(
    'aqua',
    'black',
    'blue',
    'fuchsia',
    'gray',
    'grey',
    'green',
    'lime',
    'maroon',
    'navy',
    'olive',
    'purple',
    'red',
    'silver',
    'teal',
    'white',
    'yellow'
);

if (in_array($bb, $standards) or preg_match('/^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$/', $bb)) {
    // valid
}

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Possible Duplicate: How to properly escape html form input default values in php? I

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply