Designing a site where people will be submitting data into forms.
I need them to be able to type almost any character and/or special characters.
But I don't want my site to be wide open to SQL injections.
Anybody who could help, or provide me with a link to an example or anything like that, would be much appreciated. Thanks in advance!
Stumped, PHP security.
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: Stumped, PHP security.
Use mysql_real_escape_string(). You can search the security section of the forum, the subject has been covered a lot 
Hth
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
- robertbarzyk
- Forum Newbie
- Posts: 19
- Joined: Tue Oct 06, 2009 4:12 pm
Re: Stumped, PHP security.
Okay, so when I want to display this data, how do I show it in its original form?
- robertbarzyk
- Forum Newbie
- Posts: 19
- Joined: Tue Oct 06, 2009 4:12 pm
Re: Stumped, PHP security.
stripslashes(); right?
Re: Stumped, PHP security.
robertbarzyk wrote: stripslashes(); right?
Nope, htmlspecialchars() when you display data in html, mysql_real_escape_string() when you put it into the sql query. stripslashes() is for when your host has magic_quotes_gpc on (that is a deprecated setting and should not be relied upon).
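The two boundaries described in the last reply, as an added example that is not part of the original thread: the value is escaped (or bound) only on its way into the query, comes back from the database unchanged, and is passed through htmlspecialchars() only when written into HTML. It uses PDO with an in-memory SQLite database in place of mysql_real_escape_string(), because the mysql_* functions were removed in PHP 7.0; the table name, column name and sample input are constructed for illustration.

```php
<?php
// Added example. PDO + in-memory SQLite stands in for the thread's MySQL
// database so the script runs offline. Table/column names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed form input containing quotes, a backslash, markup and an ampersand.
$input = 'O\'Reilly said "hi" <b>bold</b> & C:\\temp';

// Query boundary, preferred form: a bound parameter never becomes SQL syntax.
$stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $input]);

// Query boundary, escaping form: PDO::quote() plays the role that
// mysql_real_escape_string() plays in the thread (it also adds the quotes).
$pdo->exec('INSERT INTO comments (body) VALUES (' . $pdo->quote($input) . ')');

// Reading back: the escaping was consumed by the SQL parser, so the stored
// value is the original string. No stripslashes() is needed.
$rows = $pdo->query('SELECT body FROM comments ORDER BY id')
            ->fetchAll(PDO::FETCH_COLUMN);
foreach ($rows as $body) {
    if ($body !== $input) {
        throw new RuntimeException('stored value differs from submitted value');
    }
}

// Output boundary: encode for HTML only at the moment of display.
// ENT_QUOTES also encodes single quotes, which matters inside attributes.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

echo '<p>', h($rows[0]), "</p>\n";
echo '<input type="text" name="body" value="', h($rows[0]), "\">\n";
```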