The script I'm creating, like most, involves a lot of user input. What PHP filters should I use to sanitize the input that will be inserted into a database?
Thanks for the info. I'll check them out.
Do not use addslashes(), because it can be bypassed easily; use mysql_real_escape_string(), or mysqli_real_escape_string() if you are using mysqli.
Yeah was about to say that, make a function. Will try and dig one up I created.
(06-06-2010, 09:41 AM)Omniscient Wrote: One of the best things you can do is to create your own function to quick sanitize input. This will allow you a greater degree of control and options, plus you can upgrade and alter your sanitize function, which will work across your whole site.
Look into this too:
http://us2.php.net/manual/en/ref.filter.php
That's only PHP 5 compatible, but it looks great. Lots of options to filter input.
Pretty cool stuff: http://us2.php.net/manual/en/filter.filt...nitize.php
That's a good idea. Thanks.
Also a very handy way of sanitizing is using the strip_tags() function from PHP. This will strip all tags, and it has an optional parameter to specify tags that should not be stripped.
http://www.php.net/strip_tags
This is very useful if you do not want any <script> etc. tags in your user input.
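The thread's three suggestions (a site-wide sanitize function, the ext/filter validators, and strip_tags() plus a connection-aware escape instead of addslashes()) fit together in one small PHP example. The code below is an added illustration, not code from any poster; it assumes a MySQL/MariaDB database reachable through mysqli with a hypothetical `comments(id, author, body)` table, and the request data at the bottom is constructed. It also goes one step beyond the thread by showing a prepared statement next to the escape-and-concatenate form, so the two database paths can be compared directly.

```php
<?php
// Added example (not from the thread). Assumes mysqli and a hypothetical
// table `comments(id INT AUTO_INCREMENT, author VARCHAR(50), body TEXT)`.
declare(strict_types=1);

/**
 * Site-wide sanitizer for a short text field:
 *  - trims surrounding whitespace
 *  - strips HTML tags, optionally keeping a whitelist (same semantics as strip_tags())
 *  - rejects control characters other than newline and tab
 *  - enforces a maximum length
 * Returns null when the value is unusable so the caller can refuse the request.
 */
function sanitize_text(?string $value, int $maxLen = 200, string $allowedTags = ''): ?string
{
    if ($value === null) {
        return null;
    }
    $value = trim($value);
    $value = strip_tags($value, $allowedTags);          // <script>, <img onerror=...> etc. are removed
    if (preg_match('/[^\P{C}\n\t]/u', $value) === 1) {  // any control char except \n and \t
        return null;
    }
    if ($value === '' || mb_strlen($value) > $maxLen) {
        return null;
    }
    return $value;
}

/**
 * Numeric input is validated, not escaped: FILTER_VALIDATE_INT with a range
 * from the ext/filter extension linked in the thread.
 */
function sanitize_id($value): ?int
{
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Preferred path: a prepared statement. The values are sent separately from
 * the SQL text, so no escaping function is involved at all.
 */
function insert_comment(mysqli $db, string $author, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
    $stmt->bind_param('ss', $author, $body);
    $stmt->execute();
    return (int) $db->insert_id;
}

/**
 * Legacy path, for code that still builds the query as a string: escape with
 * the connection-aware mysqli_real_escape_string() (it knows the connection
 * charset), never addslashes(), and always quote the escaped value.
 */
function legacy_insert_comment(mysqli $db, string $author, string $body): int
{
    $a = mysqli_real_escape_string($db, $author);
    $b = mysqli_real_escape_string($db, $body);
    $db->query("INSERT INTO comments (author, body) VALUES ('$a', '$b')");
    return (int) $db->insert_id;
}

// Constructed sample request data, standing in for $_POST.
$post = [
    'author' => "  <b>Alice</b>\t",
    'body'   => "Hi <script>alert(1)</script> <i>there</i>",
    'id'     => '12',
];

$author = sanitize_text($post['author'], 50);            // "Alice"
$body   = sanitize_text($post['body'], 1000, '<b><i>');  // "Hi alert(1) <i>there</i>"
$id     = sanitize_id($post['id']);                      // 12

if ($author === null || $body === null || $id === null) {
    http_response_code(400);
    exit('invalid input');
}

// Placeholder credentials; replace with your own. set_charset() matters for
// both paths, because escaping is only correct for the charset the connection uses.
$db = new mysqli('localhost', 'app_user', 'app_password', 'appdb');
$db->set_charset('utf8mb4');
insert_comment($db, $author, $body);
```

Note that strip_tags() only removes tag syntax; it does not make a value safe for SQL, and escaping does not make a value safe for HTML output. Sanitizing on input (as above) and still escaping on output (htmlspecialchars() when the stored text is rendered) are separate steps.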