Best way to sanitize / filter user input?
The script I'm creating, like most, involves a lot of user input. What PHP filters should I use to sanitize the input that will be inserted into a database?
Robert Picard
http://www.rpicard.net
06-01-2010, 04:20 PM
http://php.net/manual/en/function.mysql-...string.php
http://php.net/manual/en/function.addslashes.php
You could also create an array with unwanted queries and, if the input contains anything in the array, echo "invalid input". Those are the first two ideas, but if you have an imagination, you can come up with different, and fun, ways of protecting input.
Thanks for the info. I'll check them out.
Robert Picard
http://www.rpicard.net
06-04-2010, 02:25 AM
Do not use addslashes(), because it can be bypassed easily; use mysql_real_escape_string(), or mysqli_real_escape_string() if you are using mysqli.
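As an added example (not code posted in this thread), here is what the escaping advice above looks like in practice, alongside a prepared statement, which is the form most PHP code uses today for the same purpose. It assumes a local MySQL database named `app` with a table `comments(id INT AUTO_INCREMENT PRIMARY KEY, author VARCHAR(64), body TEXT)`; the connection credentials are placeholders. The `mysql_*` functions from the thread were removed in PHP 7, so the example uses mysqli throughout.

```php
<?php
// Added example, not from the thread. Assumes a MySQL database `app` with a
// table `comments(id, author, body)`; credentials are placeholders.
$db = new mysqli('localhost', 'app_user', 'PLACEHOLDER_PASSWORD', 'app');
if ($db->connect_error) {
    die('Connection failed: ' . $db->connect_error);
}
// real_escape_string() is only correct for the connection's character set,
// so set it explicitly before escaping anything.
$db->set_charset('utf8mb4');

// Option A (what the thread recommends): escape the value, then quote it.
function insert_comment_escaped(mysqli $db, string $author, string $body): bool
{
    $a = $db->real_escape_string($author);
    $b = $db->real_escape_string($body);
    // The escaped value must sit inside single quotes in the SQL text;
    // escaping does nothing for an unquoted position.
    return (bool) $db->query("INSERT INTO comments (author, body) VALUES ('$a', '$b')");
}

// Option B: a prepared statement. The SQL text and the data travel
// separately, so no escaping of the data is needed at all.
function insert_comment_prepared(mysqli $db, string $author, string $body): bool
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ss', $author, $body);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample input containing an apostrophe, the kind of value that
// breaks naive string concatenation. Falls back to these when run from the CLI.
$author = $_POST['author'] ?? "O'Brien";
$body   = $_POST['body']   ?? "It's fine";
var_dump(insert_comment_escaped($db, $author, $body));
var_dump(insert_comment_prepared($db, $author, $body));
```

Both functions insert the same row. The difference that matters for review is that option A is only safe when every escaped value is quoted and the charset is set; option B stays safe regardless of the value, which is why it is the easier one to audit across a whole site.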
06-06-2010, 09:41 AM
One of the best things you can do is to create your own function to quickly sanitize input. This will allow you a greater degree of control and options, plus you can upgrade and alter your sanitize function, which will work across your whole site.
Look into this too: http://us2.php.net/manual/en/ref.filter.php That's only PHP 5 compatible, but it looks great. Lots of options to filter input. Pretty cool stuff: http://us2.php.net/manual/en/filter.filt...nitize.php
I am here to rescue you.
This is Support Forums not Support PMs. Do not PM me for support unless it's private and site related.
06-07-2010, 12:17 PM
Yeah, was about to say that: make a function. Will try and dig up one I created.
(06-06-2010, 09:41 AM)Omniscient Wrote: One of the best things you can do is to create your own function to quickly sanitize input. This will allow you a greater degree of control and options, plus you can upgrade and alter your sanitize function, which will work across your whole site.
That's a good idea. Thanks.
Robert Picard
http://www.rpicard.net
06-13-2010, 04:05 AM
Also a very handy way of sanitizing is using the strip_tags() function from PHP. This will strip all tags, and it takes an optional parameter listing tags that should not be stripped.
http://www.php.net/strip_tags This is very useful if you do not want any <script> etc. tags in your user input.
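Putting the "write your own sanitize function" suggestion and the strip_tags() tip together, here is an added example (not code from anyone in this thread) of a small site-wide helper built on the filter extension and strip_tags(). The field names, rule set and allowed-tag list are assumptions for illustration; it needs PHP 7 or later for the `??` operator.

```php
<?php
// Added example, not from the thread. A per-field validate/sanitize helper
// built on filter_var() and strip_tags(). Rule names are assumptions.

/**
 * Validate or sanitize one value according to a declared type.
 * Returns null for an invalid value so callers cannot silently use it.
 */
function clean_field(string $type, $value, array $opts = [])
{
    switch ($type) {
        case 'int':
            // FILTER_VALIDATE_INT returns false for things like "12abc".
            $r = filter_var($value, FILTER_VALIDATE_INT, ['options' => $opts]);
            return $r === false ? null : $r;
        case 'email':
            $r = filter_var($value, FILTER_VALIDATE_EMAIL);
            return $r === false ? null : $r;
        case 'text':
            // Plain text: remove every tag, then trim.
            return trim(strip_tags((string) $value));
        case 'html':
            // Limited markup: keep only the listed tags, drop all others.
            $allowed = $opts['allowed_tags'] ?? '<b><i><p>';
            return strip_tags((string) $value, $allowed);
        default:
            throw new InvalidArgumentException("unknown field type: $type");
    }
}

/** Apply a rule set (field => type) to a whole request array such as $_POST. */
function clean_input(array $rules, array $input): array
{
    $out = [];
    foreach ($rules as $name => $type) {
        $out[$name] = clean_field($type, $input[$name] ?? '');
    }
    return $out;
}

// Constructed sample request, standing in for $_POST.
$request = [
    'age'     => '42',
    'email'   => 'user@example.com',
    'comment' => 'Hello <b>world</b><script>bad()</script>',
    'bio'     => '<p>Likes <i>PHP</i></p><script>bad()</script>',
];
$rules = ['age' => 'int', 'email' => 'email', 'comment' => 'text', 'bio' => 'html'];
$clean = clean_input($rules, $request);
print_r($clean);

// Sanitizing on input does not replace encoding on output: anything echoed
// into an HTML page still goes through htmlspecialchars().
echo htmlspecialchars($clean['comment'], ENT_QUOTES, 'UTF-8'), "\n";
```

Two things are worth noticing when running it. strip_tags() removes markup, not the text between the tags, so the script element's inner text survives in `comment` and `bio`; and for the `html` rule, attributes on the allowed tags are left untouched, so allowing tags is not on its own a defence against script injection. The helper is therefore a cleanup step for what gets stored; what gets rendered still needs htmlspecialchars() (or an HTML-aware filter for the `html` case) at output time.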