The script I'm creating, like most, involves a lot of user input. What php filters should I use to sanitize the input that will be inserted into a database.
Robert Picard
http://www.rpicard.net
http://www.rpicard.net
Best way to sanitize / filter user input?
|
The script I'm creating, like most, involves a lot of user input. What php filters should I use to sanitize the input that will be inserted into a database.
Robert Picard
http://www.rpicard.net
06-01-2010, 04:20 PM
http://php.net/manual/en/function.mysql-...string.php
http://php.net/manual/en/function.addslashes.php You could also create an array with unwanted queries, and, if the input contains anything in the array, echo "invalid input"; Those are the first two ideas, but, if you have an imagination, you can come up with different, and fun, ways of protecting input.
Thanks for the info. I'll check them out.
Robert Picard
http://www.rpicard.net
06-04-2010, 02:25 AM
Do not use addslashes() , because it can be bypassed easily , use mysql_real_escape_string() or mysqli_real_escape_string() if you are using mysqli
06-06-2010, 09:41 AM
One of the best things you can do is to create your own function to quick sanitize input. This will allow you a greater degree of control and options plus you can upgrade and alter your sanitize function which will work across your whole site.
Look into this too: http://us2.php.net/manual/en/ref.filter.php That's only php 5 compatible but it looks great. Lots of options to filter input. Pretty cool stuff: http://us2.php.net/manual/en/filter.filt...nitize.php
I am here to rescue you.
This is Support Forums not Support PMs. Do not PM me for support unless it's private and site related.
06-07-2010, 12:17 PM
Yeah was about to say that, make a function. Will try and dig one up I created.
(06-06-2010, 09:41 AM)Omniscient Wrote: One of the best things you can do is to create your own function to quick sanitize input. This will allow you a greater degree of control and options plus you can upgrade and alter your sanitize function which will work across your whole site. That's a good idea. Thanks.
Robert Picard
http://www.rpicard.net
06-13-2010, 04:05 AM
Also a very handy way of sanitizing is using the strip_tags() function from PHP. This will strip all tags and an optional parameter to include tags not to be stripped.
http://www.php.net/strip_tags This is very useful if you do not want any <script> etc. tags in your user input. |
« Next Oldest | Next Newest »
|
Possibly Related Threads… | |||||
Thread | Author | Replies | Views | Last Post | |
PHP email input form - having trouble getting the form to work... | abayindi | 4 | 2,724 |
03-19-2012, 10:02 AM Last Post: RainbowDashFTW |
|
PHP Form to Email (And the form input as VCF Attachment)? | VypeR | 1 | 3,867 |
10-27-2010, 06:01 AM Last Post: VypeR |
|
User Management Script - User Cake | Support | 9 | 5,617 |
05-13-2010, 03:21 PM Last Post: Julie |