Validating large amount of strings
Posted: Mon Oct 23, 2006 1:51 am
Let's say this is my mysql_query:
Code:
mysql_query("update orders set contact_fname='$_POST[contact_fname]', contact_lname='$_POST[contact_lname]', contact_company='$_POST[contact_company]', contact_email='$_POST[contact_email]', contact_phone='$_POST[contact_phone]', contact_fax='$_POST[contact_fax]', contact_address='$_POST[contact_address]', contact_city='$_POST[contact_city]', contact_state='$_POST[contact_state]', contact_postcode='$_POST[contact_postcode]', contact_country='$_POST[contact_country]' where orderid='$orderid'") or die(mysql_error());
Is there a better way to validate those to stop SQL injections, XSS etc. other than validating one at a time like:
Code:
$contact_fname = makesafe($_POST['contact_fname']);
$contact_lname = makesafe($_POST['contact_lname']);
// etc etc
I'm not sure if there are proper ways to do this... Is it better to validate one at a time or not?
If you could shed some light, it would be greatly appreciated...
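
One way to handle all the fields at once, as an added example that is not part of the original post: keep an allow-list of the expected field names, bind every value as a parameter of one prepared statement, and escape for HTML only at output time. It assumes PDO (an in-memory SQLite database stands in for MySQL); the function name `updateOrderContact`, the table layout and the sample input are constructed for illustration.

```php
<?php
// Field names taken from the query in the post; this list is the only source
// of column names, so nothing from the request ever reaches the SQL text.
const CONTACT_FIELDS = ['contact_fname', 'contact_lname', 'contact_company',
    'contact_email', 'contact_phone', 'contact_fax', 'contact_address',
    'contact_city', 'contact_state', 'contact_postcode', 'contact_country'];

// Hypothetical helper: validates and stores every contact field in one pass.
function updateOrderContact(PDO $db, int $orderId, array $input): int
{
    $assignments = [];
    $params = [':orderid' => $orderId];
    foreach (CONTACT_FIELDS as $field) {
        $value = $input[$field] ?? '';
        if (!is_string($value) || strlen($value) > 255) {
            throw new InvalidArgumentException("Invalid value for $field");
        }
        $value = trim($value);
        // Per-field rule where one exists; most fields only need binding.
        if ($field === 'contact_email' && $value !== ''
            && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('Invalid e-mail address');
        }
        $assignments[] = "$field = :$field";
        $params[":$field"] = $value;
    }
    $sql = 'UPDATE orders SET ' . implode(', ', $assignments)
         . ' WHERE orderid = :orderid';
    $stmt = $db->prepare($sql);   // values travel separately from the SQL text
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo data: SQLite in memory instead of the poster's MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (orderid INTEGER PRIMARY KEY, '
    . implode(' TEXT, ', CONTACT_FIELDS) . ' TEXT)');
$db->exec('INSERT INTO orders (orderid) VALUES (1)');

// Constructed request body; the "unexpected" key is ignored by the allow-list.
$post = ['contact_fname' => "O'Brien", 'contact_company' => '<b>Acme</b>',
    'contact_email' => 'a@example.com', 'unexpected' => 'ignored'];
updateOrderContact($db, 1, $post);

$row = $db->query('SELECT contact_fname, contact_company FROM orders '
    . 'WHERE orderid = 1')->fetch(PDO::FETCH_ASSOC);
// Stored as typed; HTML escaping happens when the value is displayed.
echo $row['contact_fname'], "\n";
echo htmlspecialchars($row['contact_company'], ENT_QUOTES, 'UTF-8'), "\n";
```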