Page 1 of 1

Securing Varables for SQL

Posted: Thu Aug 17, 2006 1:31 pm
by reecec
hi all,

just wondering on what else i could do to protect my scripts


i have this when adding and checking users when logingin/registering is there anymore I could do



Code: Select all

// strip away any dangerous tags
$user=strip_tags($user);
$pass=strip_tags($pass);


// remove spaces from variables
$user=str_replace(" ","",$user);
$pass=str_replace(" ","",$pass);


// remove escaped spaces
$user=str_replace("%20","",$user);
$pass=str_replace("%20","",$pass);

// add slashes to stop hacking
$user=addslashes($user);
$pass=addslashes($pass);

// hash users password for security (32 chars random - md5)
$pass=md5($pass);


should i also be using mysql_escape_string


thanks reece

Posted: Thu Aug 17, 2006 1:38 pm
by volka

Code: Select all

// strip away any dangerous tags
// (my)sql does not care about
$user=strip_tags($user);
$pass=strip_tags($pass);


// remove spaces from variables
// (my)sql does not care about
$user=str_replace(" ","",$user);
$pass=str_replace(" ","",$pass);


// remove escaped spaces
// (my)sql does not care about
$user=str_replace("%20","",$user);
$pass=str_replace("%20","",$pass);

// add slashes to stop hacking
// might not be sufficient for (my)sql
$user=addslashes($user);
$pass=addslashes($pass);

// hash users password for security (32 chars random - md5)
// The characters returned by php 's md5() are safe for use in sql - but you cannot md5 everything 
$pass=md5($pass);
reecec wrote:should i also be using mysql_escape_string
even better: mysql_real_escape_string

Posted: Thu Aug 17, 2006 2:15 pm
by reecec
thanks for your reply

so when you say mysql doesnt care about it does this mean it doesnt do anything.


what would be the best way to use the mysql_escape_string with my $user and $pass vars.

like this

Code: Select all

$user1=mysql_real_escape_string($user);
$pass1=mysql_real_escape_string($pass);
is this right ?

yea md5 wouldnt be suitable for everyting as i wouldnt be able to see my data

thanks again reece