Hi
I'm not sure whether to post this here or in PHP security.
What do you think if I define a function like this:
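[syntax="php-brief"]function m($variable){
    // Escape quotes with backslashes
    $variable = addslashes($variable);
    // Remove HTML and PHP tags
    $variable = strip_tags($variable);
    // Escape for use in a MySQL query (needs an open mysql connection)
    $variable = mysql_real_escape_string($variable);
    return $variable;
}[/syntax]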
You should use mysql_real_escape_string() when you need to save this data in the DB. No need for addslashes() when you use mysql_real_escape_string(). Why are you using strip_tags()? If you need to save someone's comments as users do in forums then you should consider the use of htmlspecialchars().
Always make sure you are saving the legitimate data, e.g. numbers are provided in the numbers field etc.
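The advice in the reply above, as an added example that is not code from either poster: validate the numeric field, store the text unmodified, and encode with htmlspecialchars() only on output. It assumes PDO with an in-memory SQLite database so it runs offline, and uses bound parameters in place of mysql_real_escape_string(), since the mysql_* extension was removed in PHP 7; the comments table, save_comment() and render_comment() are hypothetical names.

```php
<?php
// Added example. Hypothetical names: comments table, save_comment(), render_comment().
// Assumption: PDO + in-memory SQLite stands in for MySQL; bound parameters
// replace mysql_real_escape_string(), which no longer exists in PHP 7+.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, body TEXT NOT NULL)');

function save_comment(PDO $pdo, string $userId, string $body): int
{
    // "Numbers are provided in the numbers field": accept positive integers only.
    $id = filter_var($userId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('user_id must be a positive integer');
    }
    // Store the text as typed; the driver handles quoting at the SQL boundary.
    $stmt = $pdo->prepare('INSERT INTO comments (user_id, body) VALUES (:uid, :body)');
    $stmt->execute([':uid' => $id, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function render_comment(PDO $pdo, int $commentId): string
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $commentId]);
    // Encode for HTML at output time, not before storage.
    return htmlspecialchars((string) $stmt->fetchColumn(), ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: a quote, markup and an ampersand.
$input = "It's <b>bold</b> & done";

// Stored verbatim, rendered as inert text with the markup visible.
echo render_comment($pdo, save_comment($pdo, '42', $input)), PHP_EOL;

// Stacking addslashes() and strip_tags() before storage, as in the question's m(),
// leaves a stray backslash in the stored text and silently drops the markup.
echo render_comment($pdo, save_comment($pdo, '42', strip_tags(addslashes($input)))), PHP_EOL;

// A non-numeric value in the numbers field is rejected before it reaches the query.
try {
    save_comment($pdo, '42abc', $input);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```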