Hello
If you use preg_match() to check data should you still sanitize it afterwards, assuming you are not allowing any "" or \\ or other injection characters in pregmatch? eg. "/^[a-zA-Z0-9 _.-]+$/", which would not allow charaters for injection.
Sanitizing code
Moderator: General Moderators
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: Sanitizing code
If you are writing the values to a database i dont think you can be to sure of the data being entered into it by users you are not familiar with. It's best to use mysql_real_escape_string() if adding data to the database.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering