
Re: Sanitising input [message #172087 is a reply to message #172084] Sun, 30 January 2011 15:00
Michael Fesser (Senior Member, registered September 2010)
.oO(Mad Hatter)

> I'm writing a simple script which will take a user's input, save it to a
> mysql database and then display it. I'm going to use htmlentities() to
> clean things up, which I hope will stop basic attacks, but how else should I
> sanitise my input?

htmlentities() (or better htmlspecialchars()) is used for preparing
_output_ to an HTML page in order to prevent cross-site scripting
attacks. It doesn't sanitise your input that goes into the database!
That's what mysql_real_escape_string() and the like or prepared
statements are for.

Micha
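The split Micha describes, as an added example that is not code from the original post or from either poster: the database side binds the user's value as a parameter of a prepared statement and never escapes it into the SQL text, and the HTML side encodes the value only when it is rendered. The table `posts`, the DSN and the credentials are hypothetical, and the sample input is constructed to carry both an SQL-injection and an XSS payload in one string.

```php
<?php
// Added example, not the original poster's code.
// Assumed (hypothetical) schema, reachable via the DSN below:
//   CREATE TABLE posts (id INT AUTO_INCREMENT PRIMARY KEY, body TEXT NOT NULL);

declare(strict_types=1);

function connect(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=forum;charset=utf8mb4', // hypothetical DSN
        'forum_user',                                          // hypothetical credentials
        'forum_password',
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Use real server-side prepares: the bound value is sent separately
            // from the SQL text, so quotes and semicolons in it are just data.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
}

// Input side: no htmlentities(), no escaping. The raw value is stored as-is,
// which also keeps it reusable for non-HTML outputs (JSON, e-mail, search).
function savePost(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function loadPost(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT body FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $body = $stmt->fetchColumn();
    return $body === false ? null : (string) $body;
}

// Output side: encode for the HTML context at render time.
// ENT_QUOTES also encodes the single quote, so the value is safe inside
// single-quoted attributes as well as element content; the explicit charset
// must match the encoding the page declares.
function renderPost(string $body): string
{
    return '<p>' . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed sample input: an SQL-injection attempt and an XSS attempt in one value.
$userInput = "Robert'); DROP TABLE posts;-- <script>alert(document.cookie)</script>";

$pdo = connect();
$id = savePost($pdo, $userInput);           // the quote and the ';' are stored literally
echo renderPost(loadPost($pdo, $id) ?? ''); // <, >, ', " and & come out as entities
```

Two caveats a practitioner would add to the thread: the `mysql_*` functions named in the reply (including `mysql_real_escape_string()`) belong to the old mysql extension, which was removed in PHP 7.0, so prepared statements via PDO or mysqli are the only option on current PHP; and `htmlspecialchars()` covers the HTML element and attribute contexts only, so a value placed inside a JavaScript string, a URL or a CSS value needs the encoder for that context instead.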