
Stumped, PHP security.

Posted: Sat Jan 29, 2011 12:23 am
by robertbarzyk
Designing a site where people will be submitting data into forms.
I need them to be able to type almost any character and/or special characters.
But I don't want my site to be wide open to SQL injections.

Anybody who could help, or provide me with a link to an example or anything like that would be much appreciated. Thanks in advance!

Re: Stumped, PHP security.

Posted: Sat Jan 29, 2011 1:57 am
by social_experiment
Use mysql_real_escape_string(). You can search the security section of the forum, the subject has been covered a lot :)
Hth

Re: Stumped, PHP security.

Posted: Sat Jan 29, 2011 3:34 am
by robertbarzyk
Okay, so when I want to display this data, how do I show it in its original form?

Re: Stumped, PHP security.

Posted: Sat Jan 29, 2011 3:39 am
by robertbarzyk
stripslashes(); right?

Re: Stumped, PHP security.

Posted: Sat Jan 29, 2011 4:51 am
by Weirdan
robertbarzyk wrote: stripslashes(); right?
Nope, htmlspecialchars() when you display data in HTML, mysql_real_escape_string() when you put it into the SQL query. stripslashes() is for when your host has magic_quotes_gpc on (that is a deprecated setting and should not be relied upon).
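
The split described in the last reply, as an added example that is not part of the thread: escape for SQL when building the query, read the value back unchanged, and encode for HTML only at output. It assumes the pdo_sqlite extension, with an in-memory SQLite database and PDO::quote() standing in for MySQL and mysql_real_escape_string() so it runs offline; the table name and the input string are constructed.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// an in-memory SQLite database stands in for MySQL so this runs offline.
// The table name and the sample input are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed form input with quotes, a backslash, markup and an ampersand.
$input = "O'Reilly wrote \"C:\\temp\" <b>bold</b> & more";

// SQL context: escape for the query only. PDO::quote() stands in for
// mysql_real_escape_string() here and also adds the surrounding quotes.
$pdo->exec('INSERT INTO comments (body) VALUES (' . $pdo->quote($input) . ')');

// The database holds the original text, so nothing needs "un-escaping".
$stored = $pdo->query('SELECT body FROM comments WHERE id = 1')->fetchColumn();
if ($stored !== $input) {
    throw new RuntimeException('stored value differs from submitted value');
}

// stripslashes() on clean data is destructive: it eats the real backslash.
if (stripslashes($stored) === $input) {
    throw new RuntimeException('expected stripslashes() to alter the value');
}

// HTML context: encode at output time, on the way into the page.
$html = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
if (strpos($html, '<') !== false || strpos($html, "'") !== false) {
    throw new RuntimeException('markup characters survived encoding');
}

echo "stored : $stored\n";
echo "as HTML: $html\n";
```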