safe data (validation on form)

hi all,

tell me, is this safe, or can I (or MySQL) still be harmed:

  • I have register_globals OFF
  • all input variables are checked like this, before being put into the DB:
    $var = htmlspecialchars($_POST[$var]);

How do you guys validate input and secure your DB?

thx!!
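The question above is really "is htmlspecialchars() the right defence for a query?" The following script, added here as an example and not part of the original post, shows what happens to a constructed attacker value when it is only HTML-encoded and then concatenated into SQL, and what a parameterised query does with the same value. It assumes the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for MySQL so it runs offline; the PDO calls are the same with a mysql: DSN. ENT_COMPAT is passed explicitly because that was the htmlspecialchars() default before PHP 8.1, and it leaves single quotes untouched.

```php
<?php
// Added example, not code from the thread. Shows why htmlspecialchars() does
// not protect a SQL query, and what a parameterised query does instead.
// pdo_sqlite (in-memory database) stands in for MySQL so this runs offline.

// Constructed attacker input: closes the quoted literal and adds a tautology.
$input = "admin' OR '1'='1";

// 1. htmlspecialchars() is HTML output encoding. With ENT_COMPAT (the default
//    before PHP 8.1) the single quote is not encoded at all, so the value
//    reaches the query unchanged. Even with ENT_QUOTES it rewrites the
//    characters a browser cares about, not the ones MySQL cares about, and a
//    numeric context such as WHERE id = $var has no quote to escape anyway.
$html      = htmlspecialchars($input, ENT_COMPAT);
$unsafeSql = "SELECT id FROM users WHERE name = '$html'";
echo "Query built with htmlspecialchars():\n  $unsafeSql\n";

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('admin'), ('bob')");

// The concatenated query is parsed with the attacker's OR clause inside it.
$rows = $pdo->query($unsafeSql)->fetchAll(PDO::FETCH_COLUMN);
echo "Rows matched by the concatenated query: " . count($rows) . "\n";

// 2. Parameterised query: the SQL text is fixed, the value is bound
//    separately and is never parsed as SQL, whatever characters it holds.
$stmt = $pdo->prepare("SELECT id FROM users WHERE name = :name");
$stmt->execute([':name' => $input]);
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
echo "Rows matched by the parameterised query: " . count($rows) . "\n";

// 3. Store the raw value and encode for HTML only when displaying it;
//    HTML-encoding before the INSERT mangles the data for every other use.
$stmt = $pdo->prepare("INSERT INTO users (name) VALUES (:name)");
$stmt->execute([':name' => "O'Brien <script>"]);
$stmt = $pdo->prepare("SELECT name FROM users WHERE id = :id");
$stmt->execute([':id' => $pdo->lastInsertId()]);
$stored = $stmt->fetchColumn();
echo "Stored raw:  $stored\n";
echo "Displayed:   " . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . "\n";
```

Run it and the concatenated query returns every row in the table while the parameterised one returns none, because the bound value is compared as the literal string. Against a real MySQL server use a DSN such as `mysql:host=...;dbname=...;charset=utf8mb4` and set `PDO::ATTR_EMULATE_PREPARES` to false so the statement is prepared server-side rather than escaped client-side.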

PHP

4 Comment(s)
@ShrineDesigns, Mar 12, 2005:
Adding slashes or using mysql_escape_string() is a good idea.
[code=php]
// Escape every POST field once, before it goes into a query.
// If magic_quotes_gpc is on, PHP has already added the slashes,
// so skip addslashes() to avoid escaping the same data twice.
foreach ($_POST as $k => $v) {
    $_POST[$k] = (!get_magic_quotes_gpc()) ? addslashes($v) : $v;
}
[/code]
@AdamGundry, Mar 12, 2005:
Another tip is to accept user input as an integer where possible, then convert it with intval(). The basic principle is to choose what users are allowed to enter, rather than trying to disallow all dangerous stuff.

    Adam
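The principle in the comment above, accept only what you have decided is allowed, carried through for a whole form. This is an added example, not code from the thread or from any poster; the field names, the allowed sort columns and the two sample submissions are constructed for the demonstration. It goes one step past plain intval(): FILTER_VALIDATE_INT rejects "42 OR 1=1" outright, whereas intval() would quietly turn it into 42 and "abc" into 0.

```php
<?php
// Added example, not from the original thread. Allow-list validation of a
// form: state what each field may contain, reject everything else, and only
// then hand the typed values to a parameterised query. All field names and
// sample inputs are made up for this example.

function validate_form(array $post): array
{
    $clean  = [];
    $errors = [];

    // Integer id: intval() silently accepts "12abc" as 12 and "abc" as 0.
    // FILTER_VALIDATE_INT returns false for anything that is not a whole
    // integer, and the range limits it to values the application can mean.
    $id = filter_var($post['id'] ?? '', FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        $errors[] = 'id must be a positive integer';
    } else {
        $clean['id'] = $id;
    }

    // Sort column: an identifier cannot be bound as a query parameter, so the
    // only safe source is a list of names we wrote ourselves.
    $allowedSort = ['name', 'created'];
    $sort = $post['sort'] ?? 'name';
    if (!in_array($sort, $allowedSort, true)) {
        $errors[] = 'sort must be one of ' . implode(', ', $allowedSort);
    } else {
        $clean['sort'] = $sort;
    }

    // Username: give the exact alphabet and length instead of hunting for
    // "dangerous" characters. The D modifier stops $ from matching before a
    // trailing newline, so "bob\n" is rejected too.
    $name = $post['username'] ?? '';
    if (!preg_match('/^[A-Za-z0-9_]{3,20}$/D', $name)) {
        $errors[] = 'username must be 3-20 letters, digits or underscores';
    } else {
        $clean['username'] = $name;
    }

    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email is not valid';
    } else {
        $clean['email'] = $email;
    }

    return ['clean' => $clean, 'errors' => $errors];
}

// Constructed submissions: one honest, one that an intval()/htmlspecialchars()
// check would let through in places but the allow list rejects everywhere.
$good = ['id' => '42', 'sort' => 'created',
         'username' => 'bobby_s', 'email' => 'bobby@example.com'];
$bad  = ['id' => '42 OR 1=1', 'sort' => 'name; DROP TABLE users',
         'username' => "admin' --", 'email' => 'nope'];

foreach ([$good, $bad] as $submission) {
    $result = validate_form($submission);
    if ($result['errors']) {
        echo "rejected: " . implode('; ', $result['errors']) . "\n";
        continue;
    }
    $c = $result['clean'];
    // The identifier comes from our own allow list; the value is bound.
    $sql = "SELECT * FROM users WHERE id = :id ORDER BY {$c['sort']}";
    echo "accepted: $sql  (with :id = {$c['id']})\n";
}
```

The validated id, username and email are still bound as parameters when the query runs; validation narrows what a value can be, it does not replace parameterisation. The one place concatenation is unavoidable, the ORDER BY column, is exactly why that field is checked against a fixed list rather than escaped.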
@bokeh, Mar 12, 2005:
"magic quotes GPC on" can also help neutralise bogus form data.
@ShrineDesigns, Mar 12, 2005:
[QUOTE][i]Originally posted by bokeh[/i]
[B]"magic quotes GPC on" can also help neutralise bogus form data.[/B][/QUOTE]
magic_quotes_gpc automatically adds slashes to $_GET, $_POST, and $_COOKIE data.