FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Data sanitation for mysql queries.
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Data sanitation for mysql queries. [message #179664 is a reply to message #179663] Fri, 16 November 2012 21:46 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 11/16/2012 2:36 PM, cph wrote:
> On Friday, November 16, 2012 10:56:08 AM UTC-8, Jerry Stuckle wrote:
>> On 11/16/2012 1:10 PM, cph wrote:
>>
>>> FOr sanitizing user input that will be part of a mysql query is addslashes() good enough to prevent mysql injection?
>>
>>>
>>
>>
>>
>> Not at all. You need to validate the data, i.e. integer values are
>>
>> actually integers, dates are valid, etc. You can use bind parameters as
>>
>> Daniel indicated, or you can use mysql_real_escape_string() on strings.
>>
>> Numeric values, dates, etc. do not need further processing if they have
>>
>> been properly validated. But they need to be validated even if you're
>>
>> using bind parameters.
>>
>>
>>

> I am not asking about validation that is a whole other topic. This is
> specifically about sanitation. The problem with real_escape_string is
> from what I have read its not good enough to prevent sql injections.

<Top posting fixed>

The whole purpose of mysql_escape_string() is to prepare strings for
insertion into the database. Where did you read it wasn't good enough
to prevent sql injections?

P.S. Please don't top post.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: How to add dynamic textbox (row) and save to database using PHP
Next Topic: Scrape dynamically generated hyperlinks
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 10:41:50 GMT 2024

Total time taken to generate the page: 0.05614 seconds