FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Data sanitation for mysql queries.
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Data sanitation for mysql queries. [message #179663 is a reply to message #179662] Fri, 16 November 2012 19:36 Go to previous messageGo to previous message
cph is currently offline  cph
Messages: 10
Registered: September 2012
Karma:
Junior Member
I am not asking about validation that is a whole other topic. This is specifically about sanitation. The problem with real_escape_string is from what I have read its not good enough to prevent sql injections.

On Friday, November 16, 2012 10:56:08 AM UTC-8, Jerry Stuckle wrote:
> On 11/16/2012 1:10 PM, cph wrote:
>
>> FOr sanitizing user input that will be part of a mysql query is addslashes() good enough to prevent mysql injection?
>
>>
>
>
>
> Not at all. You need to validate the data, i.e. integer values are
>
> actually integers, dates are valid, etc. You can use bind parameters as
>
> Daniel indicated, or you can use mysql_real_escape_string() on strings.
>
> Numeric values, dates, etc. do not need further processing if they have
>
> been properly validated. But they need to be validated even if you're
>
> using bind parameters.
>
>
>
> --
>
> ==================
>
> Remove the "x" from my email address
>
> Jerry Stuckle
>
> JDS Computer Training Corp.
>
> jstucklex(at)attglobal(dot)net
>
> ==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: How to add dynamic textbox (row) and save to database using PHP
Next Topic: Scrape dynamically generated hyperlinks
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 10:37:41 GMT 2024

Total time taken to generate the page: 0.04534 seconds