I want to make sure to fix all input from a <TEXTAREA> and text inputs. The data in the post will be going into a MySQL database.
Is there a preg_replace() or some other industry standard that is best to use, or are there multiple functions I should use?
Obviously, the general idea is to prevent backslashes, single quotes, double quotes, etc. from causing the code to error out (I don't really have much control over the php.ini), and also to prevent injection and other forms of attack.
Any feedback would be greatly appreciated.
Fixing Input
- feyd
mysql_real_escape_string() takes care of most issues.
- timclaason
mysql_real_escape_string
I probably overstated the concern about attacks. It's an internal app that only 4 or 5 people are using. It's about 100 times more likely to have weird input than it is to be hacked. But the likelihood of there being a slash or single quote is very high.
Is mysql_real_escape_string still the best solution?
PS: Thanks for the quick reply.