Stumped, PHP security.

robertbarzyk
Forum Newbie
Posts: 19
Joined: Tue Oct 06, 2009 4:12 pm

Stumped, PHP security.

Post by robertbarzyk »

Designing a site where people will be submitting data into forms.
I need them to be able to type almost any character and/or special characters.
But I don't want my site to be wide open to SQL injections.

Anybody who could help, or provide me with a link to an example or anything like that would be much appreciated. Thanks in advance!
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Stumped, PHP security.

Post by social_experiment »

Use mysql_real_escape_string(). You can search the security section of the forum, the subject has been covered a lot :)
Hth
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
robertbarzyk
Forum Newbie
Posts: 19
Joined: Tue Oct 06, 2009 4:12 pm

Re: Stumped, PHP security.

Post by robertbarzyk »

Okay, so when I want to display this data, how do I show it in its original form?
robertbarzyk
Forum Newbie
Posts: 19
Joined: Tue Oct 06, 2009 4:12 pm

Re: Stumped, PHP security.

Post by robertbarzyk »

stripslashes(); right?
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: Stumped, PHP security.

Post by Weirdan »

robertbarzyk wrote: stripslashes(); right?
Nope, htmlspecialchars() when you display data in HTML, mysql_real_escape_string() when you put it into the SQL query. stripslashes() is for when your host has magic_quotes_gpc on (that is a deprecated setting and should not be relied upon).
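
The split described in the reply above (escape at the SQL boundary, encode at the HTML boundary, no stripslashes() in between), as an added example that is not code from the thread. Assumptions: an in-memory SQLite database through PDO so it runs offline, PDO::quote() standing in for mysql_real_escape_string() (the mysql_* extension was removed in PHP 7.0), and the hypothetical helper names store_comment() and render_comment().

```php
<?php
// Assumption: in-memory SQLite via PDO, used only so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// SQL boundary: escape the value for this query only.
// PDO::quote() escapes for the active driver and adds the surrounding quotes.
function store_comment(PDO $db, string $body): int
{
    $db->exec('INSERT INTO comments (body) VALUES (' . $db->quote($body) . ')');
    return (int) $db->lastInsertId();
}

// HTML boundary: encode when the value is written into a page, not before
// it is stored, so the database keeps the text exactly as the user typed it.
function render_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = ?');
    $stmt->execute([$id]);
    $body = (string) $stmt->fetchColumn();
    return '<p>' . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed sample input: quotes, a literal backslash, and HTML markup.
$input = "O'Reilly wrote \"C:\\temp\" <b>bold</b> & more";
$id = store_comment($db, $input);

// The SQL parser consumes the escaping, so the stored value is the original
// string. Calling stripslashes() on it would delete the user's own backslash.
$stored = $db->query('SELECT body FROM comments WHERE id = ' . $id)->fetchColumn();
echo "stored equals input:          ";
var_dump($stored === $input);
echo "stripslashes() keeps it same: ";
var_dump(stripslashes($stored) === $input);

// The markup is shown as text to the reader instead of being interpreted.
echo render_comment($db, $id), "\n";
```

The SELECT in render_comment() uses a bound parameter, which removes the need to escape by hand and is the usual choice on current PHP versions.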