Support Forums

Full Version: Best way to sanitize / filter user input?
The script I'm creating, like most, involves a lot of user input. What php filters should I use to sanitize the input that will be inserted into a database.
http://php.net/manual/en/function.mysql-...string.php
http://php.net/manual/en/function.addslashes.php

You could also create an array with unwanted queries, and, if the input contains anything in the array, echo "invalid input";

Those are the first two ideas, but, if you have an imagination, you can come up with different, and fun, ways of protecting input.
Thanks for the info. I'll check them out.
Do not use addslashes(), because it can be bypassed easily; use mysql_real_escape_string(), or mysqli_real_escape_string() if you are using mysqli.
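The bypass the post above refers to is the multibyte one: addslashes() inserts a backslash (0x5c) without knowing the connection's character set, and under GBK 0x5c is a valid trail byte, so the backslash is swallowed into a two-byte character and the quote after it is left bare. The following is an added example (not code from the thread) that makes this visible with a minimal GBK byte walker written for the demonstration; the walker's rules (lead bytes 0x81-0xFE, trail bytes 0x40-0xFE except 0x7F) are an assumption that approximates, but is not, the server's parser.

```php
<?php
// Added example, not from the thread. Shows why addslashes() is not a
// substitute for a connection-aware escape such as mysqli_real_escape_string():
// it cannot know how the server will group bytes into characters.

/**
 * Split a byte string into "characters" the way a GBK-aware parser would,
 * returning each as a one- or two-byte substring.
 * Assumption for this demo: lead bytes 0x81-0xFE, trail bytes 0x40-0xFE
 * excluding 0x7F. This is a simplification, not MySQL's own decoder.
 */
function gbk_chars(string $bytes): array
{
    $chars = [];
    $len = strlen($bytes);
    for ($i = 0; $i < $len; $i++) {
        $b = ord($bytes[$i]);
        if ($b >= 0x81 && $b <= 0xFE && $i + 1 < $len) {
            $t = ord($bytes[$i + 1]);
            if ($t >= 0x40 && $t <= 0xFE && $t !== 0x7F) {
                $chars[] = substr($bytes, $i, 2);
                $i++;
                continue;
            }
        }
        $chars[] = $bytes[$i];
    }
    return $chars;
}

/**
 * True if a single-byte quote appears that is not preceded by a single-byte
 * backslash, i.e. a quote that would terminate a string literal.
 */
function has_unescaped_quote(array $chars): bool
{
    $prev = '';
    foreach ($chars as $c) {
        if ($c === "'" && $prev !== "\\") {
            return true;
        }
        $prev = $c;
    }
    return false;
}

// Constructed attacker input: a GBK lead byte, a quote, then an injection tail.
$payload = "\xbf' OR 1=1 -- ";

// What a "sanitizer" built on addslashes() would send to the server.
$escaped = addslashes($payload);

// Single-byte view (what addslashes() assumes): the quote sits behind a backslash.
printf("single-byte view: unescaped quote = %s\n",
    has_unescaped_quote(str_split($escaped)) ? 'yes' : 'no');

// GBK view: the bytes bf 5c form one character, so the quote is no longer escaped.
printf("GBK view:         unescaped quote = %s\n",
    has_unescaped_quote(gbk_chars($escaped)) ? 'yes' : 'no');

// mysqli_real_escape_string() escapes according to the charset set with
// mysqli_set_charset() on the live connection, which is why it is preferred
// over addslashes(); bound parameters avoid the string-building step entirely.
```

Run it from the command line with php; the two printf lines differ only in how the same escaped bytes are grouped into characters, which is the whole of the problem.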
One of the best things you can do is to create your own function to quickly sanitize input. This will allow you a greater degree of control and options, plus you can upgrade and alter your sanitize function, which will work across your whole site.

Look into this too:
http://us2.php.net/manual/en/ref.filter.php

That's only PHP 5 compatible but it looks great. Lots of options to filter input.

Pretty cool stuff: http://us2.php.net/manual/en/filter.filt...nitize.php
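An added example (not code from the thread or from Omniscient) of the filter extension in use: filter_var() with the validate filters rejects what does not match, rather than quietly rewriting it, and a strict character class stands in for the "sanitize function" idea for free text. The insert at the end uses PDO with bound parameters instead of escaping, which is this editor's addition to the thread; an in-memory SQLite database (pdo_sqlite) stands in for the real database so the script runs offline, and the field names and rules are invented for the demo.

```php
<?php
// Added example, not from the thread. Validation with the filter extension,
// then a bound-parameter insert so the values are never parsed as SQL.

/**
 * Validate a constructed signup form.
 * Returns ['ok' => bool, 'errors' => string[], 'values' => array].
 */
function validate_signup(array $input): array
{
    $errors = [];
    $values = [];

    // Reject rather than "clean": an age outside 13-120 or non-integer is an error.
    $age = filter_var($input['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors[] = 'age must be an integer between 13 and 120';
    } else {
        $values['age'] = $age;
    }

    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email is not well-formed';
    } else {
        $values['email'] = $email;
    }

    // Free text: trim, cap the length, and allow only a known character set
    // instead of trying to enumerate bad strings (assumed rule for this demo).
    $name = trim((string)($input['name'] ?? ''));
    if (!preg_match('/^[\p{L}\p{N} .\'-]{1,64}$/u', $name)) {
        $errors[] = 'name must be 1-64 letters, digits, spaces or .\'-';
    } else {
        $values['name'] = $name;
    }

    return ['ok' => $errors === [], 'errors' => $errors, 'values' => $values];
}

/** Insert with bound parameters; the driver never sees the values as SQL text. */
function store_user(PDO $db, array $values): int
{
    $stmt = $db->prepare('INSERT INTO users (name, email, age) VALUES (:name, :email, :age)');
    $stmt->bindValue(':name', $values['name'], PDO::PARAM_STR);
    $stmt->bindValue(':email', $values['email'], PDO::PARAM_STR);
    $stmt->bindValue(':age', $values['age'], PDO::PARAM_INT);
    $stmt->execute();
    return (int)$db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, age INTEGER)');

// Constructed request bodies standing in for $_POST.
$requests = [
    ['name' => "O'Brien", 'email' => 'ob@example.com', 'age' => '34'],
    ['name' => "x'); DROP TABLE users; --", 'email' => 'not-an-email', 'age' => '9'],
];

foreach ($requests as $req) {
    $result = validate_signup($req);
    if (!$result['ok']) {
        echo "rejected: " . implode('; ', $result['errors']) . "\n";
        continue;
    }
    $id = store_user($db, $result['values']);
    echo "stored user #$id\n";
}

// The apostrophe in O'Brien reaches the table intact; nothing had to be escaped by hand.
foreach ($db->query('SELECT name, email, age FROM users') as $row) {
    echo "{$row['name']} <{$row['email']}> {$row['age']}\n";
}
```

The split matters in practice: filter_var() decides whether the input is acceptable for the field, and the prepared statement keeps even acceptable input (a name with an apostrophe) from changing the query, so neither mechanism has to do the other's job.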
Yeah was about to say that, make a function. Will try and dig one up I created.
(06-06-2010, 09:41 AM)Omniscient Wrote: One of the best things you can do is to create your own function to quickly sanitize input. This will allow you a greater degree of control and options, plus you can upgrade and alter your sanitize function, which will work across your whole site.

Look into this too:
http://us2.php.net/manual/en/ref.filter.php

That's only PHP 5 compatible but it looks great. Lots of options to filter input.

Pretty cool stuff: http://us2.php.net/manual/en/filter.filt...nitize.php

That's a good idea. Thanks.
Also a very handy way of sanitizing is using the strip_tags() function from PHP. This will strip all tags, and it has an optional parameter to specify tags that should not be stripped.

http://www.php.net/strip_tags

This is very useful if you do not want any <script> etc. tags in your user input.
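An added example (not code from the thread) of strip_tags() with and without an allow-list, together with the caveat the PHP manual attaches to it: attributes on allowed tags are left untouched, so `<b onmouseover="...">` survives a call that allows `<b>`. The attribute-stripping regex and the tag allow-list are choices made for this demo, and htmlspecialchars() is shown alongside because escaping on output is what protects a page no matter what was or was not stripped on input.

```php
<?php
// Added example, not from the thread. strip_tags() for "no markup" fields,
// an allow-list variant that also drops attributes, and output escaping.

/** Strip everything: the right call when the field is plain text. */
function plain_text(string $s): string
{
    return trim(strip_tags($s));
}

/** Allow a short list of formatting tags, then strip their attributes. */
function limited_html(string $s): string
{
    $kept = strip_tags($s, '<b><i><p>');
    // strip_tags() leaves attributes on allowed tags, so remove them here.
    // Assumption for this demo: the allowed tags never legitimately carry attributes.
    return preg_replace('/<(\/?)(b|i|p)\b[^>]*>/i', '<$1$2>', $kept);
}

/** Output encoding: what the template should do with any user-supplied text. */
function for_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed user inputs.
$samples = [
    'Hello <script>alert(1)</script> world',
    '<b onmouseover="alert(1)">bold</b> text',
    '<a href="javascript:alert(1)">click</a>',
    'Tom & Jerry say "hi"',
];

foreach ($samples as $in) {
    echo "input:        $in\n";
    echo "plain_text:   " . plain_text($in) . "\n";
    echo "limited_html: " . limited_html($in) . "\n";
    echo "for_html:     " . for_html($in) . "\n\n";
}
```

Compare the second sample's plain_text() and limited_html() lines: the first removes the tag and with it the handler, the second keeps the tag only because the extra attribute pass removed the handler. The last sample has no tags at all, so strip_tags() changes nothing and only the for_html() line is safe to place in a page.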