Sanitizing code

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

lshaw
Forum Commoner
Posts: 69
Joined: Mon Apr 20, 2009 3:40 pm
Location: United Kingdom

Sanitizing code

Post by lshaw »

Hello

If you use preg_match() to check data, should you still sanitize it afterwards, assuming you are not allowing any "" or \\ or other injection characters in preg_match? e.g. "/^[a-zA-Z0-9 _.-]+$/", which would not allow characters for injection.
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Sanitizing code

Post by social_experiment »

If you are writing the values to a database, I don't think you can be too sure of the data being entered into it by users you are not familiar with. It's best to use mysql_real_escape_string() if adding data to the database.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
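As an added example (not code from the thread), here is the question's whitelist check beside a database query that does not rely on it: the regex decides whether the value is acceptable at all, and a PDO prepared statement keeps the value out of the SQL text regardless, used here in place of the mysql_real_escape_string() call the reply suggests. It assumes a PDO connection $pdo to a MySQL table users(id, username); the sample inputs are constructed.

```php
<?php
// Added example, not from the original thread. Assumes $pdo is a PDO
// connection to a MySQL database with a table users(id, username).

// The whitelist from the question. One PCRE detail worth knowing: `$` also
// matches just before a trailing "\n", so "alice\n" passes the pattern as
// written. The D modifier (or \z instead of $) makes the end anchor strict.
function isValidUsername(string $value): bool
{
    return preg_match('/^[a-zA-Z0-9 _.-]+$/D', $value) === 1
        && strlen($value) <= 32;
}

function findUser(PDO $pdo, string $username): ?array
{
    if (!isValidUsername($username)) {
        return null; // reject the input outright rather than trying to clean it
    }
    // Validation answers "is this an acceptable username?". The placeholder
    // answers "keep data separate from SQL" and does so whatever the value
    // contains, so the two checks are independent of each other.
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs showing what the regex alone accepts or rejects, with and
// without the D modifier.
$samples = ["alice", "bob.smith", "alice' OR '1'='1", "alice\n"];
foreach ($samples as $s) {
    $loose  = preg_match('/^[a-zA-Z0-9 _.-]+$/', $s) === 1;   // as in the question
    $strict = isValidUsername($s);                             // with D modifier
    printf("%-22s without D: %-8s with D: %s\n",
        json_encode($s),
        $loose ? 'accepted' : 'rejected',
        $strict ? 'accepted' : 'rejected');
}
```

Run with the PHP CLI to see that the quote-bearing input is rejected by both patterns, while "alice\n" is accepted by the pattern as written in the question and rejected only once the D modifier is added.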