Securing Variables for SQL
Posted: Thu Aug 17, 2006 1:31 pm
Hi all,
Just wondering what else I could do to protect my scripts.
I have this when adding and checking users when logging in/registering. Is there any more I could do?
Code:
// strip away any dangerous tags
$user=strip_tags($user);
$pass=strip_tags($pass);
// remove spaces from variables
$user=str_replace(" ","",$user);
$pass=str_replace(" ","",$pass);
// remove escaped spaces
$user=str_replace("%20","",$user);
$pass=str_replace("%20","",$pass);
// add slashes to stop hacking
$user=addslashes($user);
$pass=addslashes($pass);
// hash users password for security (32 chars random - md5)
$pass=md5($pass);

Should I also be using mysql_escape_string?
Thanks, reece
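
For comparison with the routine in the post, here is the same register/login flow written with bound query parameters and PHP's `password_hash()`/`password_verify()`; this is an added example, not code from the original post. The `users` table, the functions `register_user()` and `check_login()`, and the sample credentials are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example; table and function names are hypothetical.
// SQLite in memory replaces MySQL here; with MySQL only the PDO DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

function register_user(PDO $db, string $user, string $pass): bool
{
    // Validate the username against an allow-list instead of silently
    // rewriting it; the password is never stripped or altered.
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $user) || $pass === '') {
        return false;
    }
    // Salted, deliberately slow hash instead of a bare md5().
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    try {
        // Values are bound as parameters, never concatenated into the SQL text.
        $stmt = $db->prepare('INSERT INTO users (name, pass_hash) VALUES (?, ?)');
        return $stmt->execute([$user, $hash]);
    } catch (PDOException $e) {
        return false; // for example, the username is already taken
    }
}

function check_login(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE name = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn(); // false when no such user exists
    // password_verify() reads the salt and cost from the stored hash.
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed sample input: a password containing quotes, spaces and tags.
$pw = "p' OR '1'='1 <b>x</b>";
var_dump(register_user($db, 'reece', $pw));         // registration
var_dump(check_login($db, 'reece', $pw));           // the registered password
var_dump(check_login($db, 'reece', "' OR '1'='1")); // quote-laden wrong password
var_dump(check_login($db, "reece' --", $pw));       // quote characters in the username
```

Because the values travel separately from the SQL text, quotes in either field need no `addslashes()` or escaping call, and the password reaches the hash function byte for byte as the user typed it.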