How to 'clean' data for security purposes
Moderator: General Moderators
-
dardsemail
- Forum Contributor
- Posts: 136
- Joined: Thu Jun 03, 2004 9:02 pm
A while back I posted some code regarding adding and deleting items from a database, and someone mentioned the necessity of 'cleaning' the variables before using them.
I've tried doing something along the lines of:
$var = clean($var);
but to no avail. How do I go about cleaning a variable to ensure that it isn't some bogus variable entered by a user? I'm speaking particularly of variables that are passed through a URL.
Thanks!
-
d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
You can always use:
Code:
    $var = '';
-
PAW Projects
- Forum Commoner
- Posts: 30
- Joined: Tue Jun 15, 2004 7:43 am
- Contact:
Re: How to 'clean' data for security purposes
dardsemail wrote:
    How do I go about cleaning a variable to ensure that it isn't some bogus variable entered by a user? I'm speaking particularly of variables that are passed through a URL.
    Thanks!
First of all, make sure those variables passed through a URL are checked independently.
You don't want to be inserting user-modifiable data straight into a database query.
For instance, check that numbers are indeed numbers with is_numeric().
And use mysql_escape_string().
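Added example (editor's code, not from anyone in this thread): how the two checks above look in practice for a URL parameter, plus the caveats a reviewer would raise. It assumes a mysqli connection named $db and a table `items` with an integer `id` column and a text `name` column; both are assumptions for illustration. Note that is_numeric() accepts more than plain integers (it takes "1e3", "1.5" and leading whitespace), so for an id a stricter check is used, and that mysql_escape_string() is not connection-aware (mysql_real_escape_string() was the connection-aware form, and the whole mysql_* extension is gone since PHP 7; with mysqli the equivalent is $db->real_escape_string()). Escaping only protects values that end up inside quoted string literals; a prepared statement avoids splicing the value into the SQL text at all.

```php
<?php
// Added example, not code from the original thread.
// Assumed for illustration: a mysqli connection and an `items` table.
$db = new mysqli('localhost', 'user', 'pass', 'dbname');   // assumption

// 1. Validate by type. An id from the URL must be a string of digits only.
//    is_numeric() is looser ("1e3", "1.5", " 12" all pass), so use
//    ctype_digit() (or filter_var($raw, FILTER_VALIDATE_INT)) instead.
function clean_id($raw)
{
    if (!is_string($raw) || $raw === '' || !ctype_digit($raw) || strlen($raw) > 10) {
        return null;   // reject bad input rather than trying to "fix" it
    }
    return (int) $raw;
}

$id = clean_id(isset($_GET['id']) ? $_GET['id'] : '');
if ($id === null) {
    http_response_code(400);
    exit('Bad id');
}

// 2. Escaping, for genuinely free-text values such as a search term.
//    real_escape_string() only makes the value safe inside a quoted
//    string literal; it does nothing for identifiers, LIMIT values or
//    unquoted numbers, so the quotes in the SQL are mandatory.
$term      = isset($_GET['q']) ? $_GET['q'] : '';
$safe_term = $db->real_escape_string($term);
$sql       = "SELECT id, name FROM items WHERE name LIKE '%" . $safe_term . "%'";

// 3. The robust form: a prepared statement. The value is bound as an
//    integer parameter and never becomes part of the SQL text.
$stmt = $db->prepare('SELECT id, name FROM items WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->bind_result($row_id, $name);
while ($stmt->fetch()) {
    // Escape on the way out too: cleaning for SQL is not cleaning for HTML.
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n";
}
$stmt->close();
```

The order matters: validate first (reject anything that is not the shape you expect), and only then pass what survives to the database through a bound parameter or, failing that, a connection-aware escape inside quotes. Output to the browser needs its own escaping step (htmlspecialchars), since a value that is safe for MySQL can still carry HTML.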
-
dardsemail
- Forum Contributor
- Posts: 136
- Joined: Thu Jun 03, 2004 9:02 pm