Cleaning form inputs ??? [PHP]



Chippiewill
19-12-2011, 08:53 PM
What procedures should I use when cleaning form inputs so they can't do injections and other crap like that?

Zak
19-12-2011, 10:11 PM
mysql_real_escape_string will protect against injection

I usually use

$example = mysql_real_escape_string(htmlentities(trim($_POST['example']))));

triston220
19-12-2011, 10:55 PM
^You've got an extra bracket.^


function Sanitise($input){
    // Trim whitespace, HTML-encode, strip tags, then escape for the MySQL query
    return mysql_real_escape_string(strip_tags(htmlentities(trim($input))));
}

Zak
19-12-2011, 11:13 PM
^You've got an extra bracket.^


Lmao yeh ****. Well spotted :P +rep

triston220
20-12-2011, 12:04 AM
Lmao yeh ****. Well spotted :P +rep

Hah, thanks. :P

Chippiewill
20-12-2011, 11:59 AM
Do I need to use strip slashes at all?

Edit: If I'm hashing a string do I need to bother cleaning it beforehand?

triston220
20-12-2011, 01:07 PM
To be honest, you don't really need to sanitise any input if you are hashing/encrypting it, unless the encryption/hash type uses special characters which would interfere with the query.

Chippiewill
20-12-2011, 01:50 PM
I'm only using sha256 so I assume that's safe?

triston220
20-12-2011, 02:30 PM
I'm only using sha256 so I assume that's safe?

Pretty much, yes.
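
Added example, not code from any post in this thread: the same form-handling problem done with bound query parameters and output-time HTML encoding, alongside the sha256 case asked about above. It assumes the pdo_sqlite extension (an in-memory database so it runs offline); the `$post` array, table and column names are constructed for illustration.

```php
<?php
// Note: the mysql_* functions shown in the thread were removed in PHP 7.0;
// PDO (used here) and mysqli are the supported database APIs.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret_hash TEXT)');

// Constructed form input standing in for $_POST.
$post = [
    'name'   => "  O'Brien <b>x</b>'; DROP TABLE users; --  ",
    'secret' => "pa'ss\"word",
];

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
    echo "ok: $what", PHP_EOL;
}

// 1. Normalise only what the application needs (here: surrounding whitespace).
$name = trim($post['name']);

// 2. Hash the raw value. A sha256 hex digest is always 64 chars of [0-9a-f],
//    so the digest itself carries no quote or backslash characters.
$hash = hash('sha256', $post['secret']);
check(preg_match('/^[0-9a-f]{64}$/', $hash) === 1, 'digest is plain hex');

// 3. Bind values as parameters: they travel as data, separate from the SQL
//    text, so no escaping function is needed and the stored text is unchanged.
$ins = $pdo->prepare('INSERT INTO users (name, secret_hash) VALUES (:name, :hash)');
$ins->execute([':name' => $name, ':hash' => $hash]);

$sel = $pdo->prepare('SELECT name FROM users WHERE secret_hash = :hash');
$sel->execute([':hash' => hash('sha256', $post['secret'])]);
$stored = $sel->fetchColumn();

check($stored === $name, 'name round-trips byte for byte');
$count = (int) $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn();
check($count === 1, 'table intact, one row stored');

// 4. Encode for HTML when printing, not before storage, so the database
//    keeps the original text and each output context gets its own encoding.
$html = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
check(strpos($html, '<') === false && strpos($html, "'") === false, 'output is HTML-safe');
echo $html, PHP_EOL;
```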
