Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
by Luke » Tue Nov 08, 2005 6:31 pm
Well this relates to the ol' SQL injection topic. I am just wondering this...
If I wrap everything submitted from the user in the following, will this be pretty secure from injection?
strip_tags(mysql_real_escape_string($dirtydirtyinput))
by Burrito » Tue Nov 08, 2005 7:29 pm
Just the mysql_real_escape_string() should be sufficient.
by Nathaniel » Tue Nov 08, 2005 8:14 pm
and single quotes around your variable... mysql_query("... SET foo = '$escaped_string'");
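An added example, not part of any post in this thread, showing why the quoting mentioned in the last reply matters: escaping alone only neutralises quote characters, so a value placed in the query without quotes is still parsed as SQL. It assumes PHP with the pdo_sqlite extension; the in-memory SQLite table, the input string and the helper names `escape_only()` and `count_rows()` are constructed for illustration, with `escape_only()` standing in for mysql_real_escape_string().

```php
<?php
// Added example: constructed table and input; in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical stand-in for mysql_real_escape_string(): it only escapes
// quote characters, here using SQLite's rule of doubling single quotes.
function escape_only(string $s): string
{
    return str_replace("'", "''", $s);
}

// Hypothetical helper: run a query and return how many rows matched.
function count_rows(PDO $pdo, string $sql): int
{
    return count($pdo->query($sql)->fetchAll());
}

// Constructed input with no quote characters, so escaping leaves it unchanged.
$input   = "1 OR 1=1";
$escaped = escape_only($input);

// 1. Escaped but NOT quoted: the value is parsed as SQL, so the WHERE
//    clause becomes a condition that is true for every row.
$unquoted = count_rows($pdo, "SELECT * FROM users WHERE id = $escaped");

// 2. Escaped AND wrapped in single quotes: the whole value is a single
//    string literal and is compared to id as data.
$quoted = count_rows($pdo, "SELECT * FROM users WHERE id = '$escaped'");

// 3. Prepared statement: the value is bound separately and never becomes
//    part of the SQL text, so no escaping or quoting step can be forgotten.
$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
$stmt->execute([$input]);
$bound = count($stmt->fetchAll());

printf("unquoted=%d quoted=%d bound=%d\n", $unquoted, $quoted, $bound);
```

The unquoted query matches every row in the table, while the quoted and bound queries treat the input as one value that matches nothing.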