PHP Forum: Use this forum to discuss all aspects of PHP Development. PHP is a server-side, cross-platform, HTML embedded scripting language that lets you create dynamic web pages.
My Security function: PHP Code:
__________________
Realize the Web Web services and design.
mysql_real_escape_string is probably the safest way to cleanse tainted data directed at a MySQL database.
__________________
Well, these are the 2 articles I looked at: Codex Securitatis » The Curse of Magic Quotes and [The Unexpected SQL Injection] Web Security Articles - Web Application Security Consortium
__________________
The first article (excellent read) doesn't say anything bad against mysql_real_escape_string directly. It does state that if you escape all post/get quotes you can mess up data. Basically, you should only use mysql_real_escape_string on data aimed at MySQL (and if you are not using MySQL you shouldn't use this unless you are willing to make a DB connection). For article #2, I didn't read the whole thing but skipped directly to section #3, which states: Quote:
__________________
Another method that should be used in conjunction with escaping is to use regular expressions to make sure the data that goes into the database is the data you expect.
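
The validation step suggested in the last reply, as an added example that is not part of the thread: per-field allowlist patterns checked before any escaping. The field names, patterns and sample inputs are hypothetical.

```php
<?php
// Added example (not from the thread): allowlist validation run before escaping.
// Field names and patterns are hypothetical.

// \A and \z anchor the whole string. A bare "$" also matches just before a
// trailing newline, so "42\n" would pass /^\d+$/ but fails /\A\d+\z/.
const FIELD_RULES = [
    'user_id'  => '/\A[1-9][0-9]{0,9}\z/',
    'username' => '/\A[A-Za-z0-9_]{3,20}\z/',
    'sort'     => '/\A(?:asc|desc)\z/',
];

/**
 * Return the fields that match their rule and the names of those that do not.
 */
function validate_input(array $input, array $rules): array
{
    $clean = [];
    $rejected = [];
    foreach ($rules as $field => $pattern) {
        $value = $input[$field] ?? null;
        // Arrays (e.g. ?user_id[]=1) and missing fields are rejected outright.
        if (is_string($value) && preg_match($pattern, $value) === 1) {
            $clean[$field] = $value;
        } else {
            $rejected[] = $field;
        }
    }
    return [$clean, $rejected];
}

// Constructed sample request data.
$samples = [
    ['user_id' => '42',   'username' => 'alice_01', 'sort' => 'asc'],
    ['user_id' => "42\n", 'username' => "o'brien",  'sort' => 'desc'],
    ['user_id' => ['42'], 'username' => 'bob',      'sort' => 'asc; --'],
];

foreach ($samples as $i => $sample) {
    [$clean, $rejected] = validate_input($sample, FIELD_RULES);
    printf("sample %d accepted=[%s] rejected=[%s]\n", $i,
        implode(',', array_keys($clean)), implode(',', $rejected));
}
// Values in $clean still go through the escaping step the thread discusses
// (mysql_real_escape_string on a live connection) when the query is built:
// validation narrows what is accepted, it does not quote it.
```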