+- Support Forums (https://www.supportforums.net)
+-- Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87)
+--- Forum: Coding Support Forums (https://www.supportforums.net/forumdisplay.php?fid=18)
+---- Forum: PHP The Hypertext Preprocessor (https://www.supportforums.net/forumdisplay.php?fid=21)
+---- Thread: Best way to sanitize / filter user input? (/showthread.php?tid=7532)
Best way to sanitize / filter user input? - RPicard - 06-01-2010
The script I'm creating, like most, involves a lot of user input. What php filters should I use to sanitize the input that will be inserted into a database.
RE: Best way to sanitize / filter user input? - Buffy - 06-01-2010
http://php.net/manual/en/function.mysql-real-escape-string.php
http://php.net/manual/en/function.addslashes.php
You could also create an array with unwanted queries, and, if the input contains anything in the array, echo "invalid input";
Those are the first two ideas, but, if you have an imagination, you can come up with different, and fun, ways of protecting input.
RE: Best way to sanitize / filter user input? - RPicard - 06-01-2010
Thanks for the info. I'll check them out.
RE: Best way to sanitize / filter user input? - hexon - 06-04-2010
Do not use addslashes() , because it can be bypassed easily , use mysql_real_escape_string() or mysqli_real_escape_string() if you are using mysqli
RE: Best way to sanitize / filter user input? - Omniscient - 06-06-2010
One of the best things you can do is to create your own function to quick sanitize input. This will allow you a greater degree of control and options plus you can upgrade and alter your sanitize function which will work across your whole site.
Look into this too:
http://us2.php.net/manual/en/ref.filter.php
That's only php 5 compatible but it looks great. Lots of options to filter input.
Pretty cool stuff: http://us2.php.net/manual/en/filter.filters.sanitize.php
RE: Best way to sanitize / filter user input? - Aaron Clifford - 06-07-2010
Yeah was about to say that, make a function. Will try and dig one up I created.
RE: Best way to sanitize / filter user input? - RPicard - 06-08-2010
(06-06-2010, 09:41 AM)Omniscient Wrote: One of the best things you can do is to create your own function to quick sanitize input. This will allow you a greater degree of control and options plus you can upgrade and alter your sanitize function which will work across your whole site.
Look into this too:
http://us2.php.net/manual/en/ref.filter.php
That's only php 5 compatible but it looks great. Lots of options to filter input.
Pretty cool stuff: http://us2.php.net/manual/en/filter.filters.sanitize.php
That's a good idea. Thanks.
RE: Best way to sanitize / filter user input? - Lord-Nikon - 06-13-2010
Also a very handy way of sanitizing is using the strip_tags() function from PHP. This will strip all tags and an optional parameter to include tags not to be stripped.
http://www.php.net/strip_tags
This is very useful if you do not want any <script> etc. tags in your user input.