querying MySQL

guitarlvr
Forum Contributor
Posts: 245
Joined: Wed Mar 21, 2007 10:35 pm


Post by guitarlvr »

I know when inserting/updating a record in a database you want to run regex to clean up the input from the form. When only selecting items in a database using form input, would I want to go through the extra processing power of using regex or is it ok to accept whatever the user inputs since it isn't actually inserting the input into the database?

Wayne
christian_phpbeginner
Forum Contributor
Posts: 136
Joined: Sat Jun 03, 2006 2:43 pm
Location: Java

Try the addslashes() and stripslashes() functions

Post by christian_phpbeginner »

Hi,

Why would you want to spend extra processing power to SELECT / VIEW data from the database? It won't be useful anyway, because the WRONG data was already inserted or updated into the database.

Spending the extra processing power on REGEX would be suitable when INSERTING or UPDATING data into the database. If you do that, you will have the correct data stored in your database, which means you would SELECT / VIEW the correct DATA!

If you want to select data from the database, you will need the stripslashes() PHP built-in function.
guitarlvr
Forum Contributor
Posts: 245
Joined: Wed Mar 21, 2007 10:35 pm

Post by guitarlvr »

I definitely make sure valid data is being inserted into the database. I just wasn't sure if I should be validating data before I did my SELECT statements. I didn't think I would have to validate it since there is valid data in the database.

Thanks for your response

Wayne
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Always validate your users input. Always. Just because you are selecting with the input doesn't mean that a user can't sneak SQL into the string and cause all sorts of mischief with your data.

Look up XSS and the like on Google. Never trust user input. Never.
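The point RobertGonzalez is making, and the reason the addslashes() suggestion above is not enough on its own, shown as an added example that is not code from any poster in this thread. It assumes a hypothetical `users` table and a helper named `findUserName`, and uses an in-memory SQLite database through PDO so it runs offline; against MySQL only the DSN and credentials change, the injection and the fix are the same. The attacker input is constructed for the example.

```php
<?php
// Added example for the thread above; not code from any poster.
// Uses an in-memory SQLite database through PDO so it runs offline;
// against MySQL only the DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical table for the demonstration.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'wayne', 0), (2, 'alice', 1)");

// Constructed attacker input, e.g. what arrives from a form as ?id=1+OR+1%3D1.
$id = '1 OR 1=1';

// Vulnerable SELECT: the form value is concatenated into the SQL text.
// addslashes() only escapes quotes, and a numeric comparison contains no
// quotes, so the "OR 1=1" is parsed as SQL and the WHERE clause matches
// every row, including the admin account. Nothing was inserted; the data
// in the table is still "valid"; the query was still hijacked.
$rows = $db->query('SELECT name FROM users WHERE id = ' . addslashes($id))
           ->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows);

// Hardened lookup: whitelist the shape of the input first (an id must be an
// unsigned integer), then send the value through a prepared statement so
// the database receives it as data, never as part of the SQL text.
function findUserName(PDO $db, string $rawId): ?string
{
    if (!ctype_digit($rawId)) {
        return null;                       // reject before touching the database
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->bindValue(1, (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();          // false when no row matched
    return $name === false ? null : $name;
}

var_dump(findUserName($db, $id));          // same attacker input, rejected
var_dump(findUserName($db, '2'));          // a legitimate lookup
```

The first var_dump shows both names, because `WHERE id = 1 OR 1=1` is true for every row: the SELECT was the attack, with no INSERT or UPDATE involved. The hardened function returns null for the attacker string without running a query, and "alice" for the legitimate id. Validation (the ctype_digit check) and parameterisation (bindValue on a prepared statement) are two different controls: the first rejects input that makes no sense for the field, the second guarantees that whatever survives validation cannot change the structure of the query. stripslashes() has no role in either; it only undoes addslashes() on the way out and does nothing to protect the query on the way in.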