Fixing Input

timclaason
Forum Commoner
Posts: 77
Joined: Tue Dec 16, 2003 9:06 am
Location: WI

Fixing Input

Post by timclaason »

I want to make sure to fix all input from a <TEXTAREA> and text inputs. The data in the post will be going into a MySQL database.

Is there a preg_replace() or some other industry standard that is best to use, or are there multiple functions I should use?

Obviously, the general idea is to prevent backslashes, single quotes, double quotes, etc from causing the code to error out (I don't really have much control over the php.ini), and also to prevent injection and other forms of attack.

Any feedback would be greatly appreciated.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

mysql_real_escape_string() takes care of most issues.
timclaason
Forum Commoner
Posts: 77
Joined: Tue Dec 16, 2003 9:06 am
Location: WI

mysql_real_escape_string

Post by timclaason »

I probably overstated the concern about attacks. It's an internal app, that only 4 or 5 people are using. It's about 100 times more likely to have weird input than it is to be hacked. But the likelihood of there being a slash or single quote is very high.

Is mysql_real_escape_string still the best solution?

PS Thanks for the quick reply
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Unexpected values are handled by your code. How is up to you.

As for slashes and quotes... you'll just have to try the function. ;)
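
A round-trip check for the kind of input discussed in this thread, as an added example that is not part of the original posts. It assumes PDO with an in-memory SQLite database as a stand-in for MySQL so it runs without a server; the `notes` table and the sample text are constructed. `PDO::quote()` plays the role of the driver's escape function, and the bound-parameter insert is an alternative technique the thread does not mention.

```php
<?php
// Added example, not code from the thread. ext/mysql (mysql_real_escape_string)
// was removed in PHP 7.0, so PDO is used here. SQLite in memory is an assumption
// made only so the script runs offline.

// Constructed sample of what a <TEXTAREA> might submit: backslashes,
// single quotes, double quotes, a line break and a trailing backslash.
$input = "C:\\temp\\new 'report'\r\nShe said \"it's fine\"; -- 100% done\\";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Helper (hypothetical name): read one stored body back by id.
function fetchBody(PDO $db, int $id): string
{
    $read = $db->prepare('SELECT body FROM notes WHERE id = :id');
    $read->execute([':id' => $id]);
    return (string) $read->fetchColumn();
}

// 1) Plain concatenation: the quote inside $input closes the string literal
//    early, so the statement no longer parses.
$concatFailed = false;
try {
    $db->exec("INSERT INTO notes (body) VALUES ('" . $input . "')");
} catch (PDOException $e) {
    $concatFailed = true;
}

// 2) Driver escaping: quote() escapes the value for this connection and adds
//    the surrounding quotes, so the literal stays intact.
$db->exec('INSERT INTO notes (body) VALUES (' . $db->quote($input) . ')');
$escapedOk = fetchBody($db, (int) $db->lastInsertId()) === $input;

// 3) Bound parameter: the value is sent separately from the SQL text and
//    needs no escaping at all.
$stmt = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
$stmt->execute([':body' => $input]);
$boundOk = fetchBody($db, (int) $db->lastInsertId()) === $input;

printf("concatenated INSERT failed:    %s\n", $concatFailed ? 'yes' : 'no');
printf("escaped value round-trips:     %s\n", $escapedOk ? 'yes' : 'no');
printf("bound parameter round-trips:   %s\n", $boundOk ? 'yes' : 'no');
```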