Thus, "(555)123-1234", "555.123.1234", and "555\"; DROP TABLE USER;--123.1234" all convert to 5551231234. Note that you should proceed to validate the resulting numbers as well.
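The sanitize-then-validate sequence described above, as an added example that is not code from the original page. It assumes a valid number is exactly 10 ASCII digits; the function names and the extra sample inputs are constructed for illustration.

```python
import re

# Assumption for this example: a valid number is exactly 10 ASCII digits.
PHONE_LENGTH = 10
# Explicit ASCII class: in Python 3, \d would also match non-ASCII digits.
_NON_DIGIT = re.compile(r"[^0-9]")


def sanitize_phone(raw: str) -> str:
    """Strip every character that is not an ASCII digit."""
    return _NON_DIGIT.sub("", raw)


def validate_phone(digits: str) -> bool:
    """Check the sanitized value; sanitizing alone does not make it valid."""
    return (len(digits) == PHONE_LENGTH
            and re.fullmatch(r"[0-9]+", digits) is not None)


def canonical_phone(raw: str) -> str:
    """Sanitize, then validate; raise ValueError if the result is rejected."""
    digits = sanitize_phone(raw)
    if not validate_phone(digits):
        raise ValueError("phone number rejected after sanitization")
    return digits


# Constructed sample inputs: the three strings from the text, plus inputs
# that sanitize without error but must still fail validation.
SAMPLES = [
    "(555)123-1234",
    "555.123.1234",
    '555"; DROP TABLE USER;--123.1234',
    "555-1234",             # too short after sanitizing
    "1 (555) 123-1234 x9",  # too long after sanitizing
    "no digits here",       # sanitizes to the empty string
]

if __name__ == "__main__":
    for sample in SAMPLES:
        try:
            print(f"{sample!r} -> {canonical_phone(sample)}")
        except ValueError as exc:
            print(f"{sample!r} -> rejected ({exc})")
```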
The account select option is read directly and provided in a message back to the backend system without validating that the account number is one of the accounts provided by the backend system.
All sections should be reviewed. The most common web application security weakness is the failure to properly validate input from the client or environment.
Data from the client should never be trusted, because the client has every opportunity to tamper with it.
In many cases, encoding has the potential to defuse attacks that rely on a lack of input validation.
For example, if you use HTML entity encoding on user input before it is sent to a browser, it will prevent most XSS attacks.