Jop application form.

~~Calon~~ · 07-08-2008, 06:36 PM

PHP Code:


addslashes(htmlspecialchars($_POST['email']))

Not keen on that, I'd have something along the lines of..

PHP Code:


function streetcleaner($string) { 

$string = htmlspecialchars( $string );
$string = addslashes( $string );
$string = mysql_real_escape_string( $string );
$string = stripslashes( $string );

return $string;
}

streetcleaner($_POST["email"]);

Source · 07-08-2008, 06:45 PM

It doesn't matter that much calon as its only doing into a mail functions and no databases are present so it would be relativly hard to hack it. Unless they were trying to run the system command to run a shell or something.

~~Excellent~~ · 07-08-2008, 06:48 PM

Originally Posted by Calon

PHP Code:


addslashes(htmlspecialchars($_POST['email']))

Not keen on that, I'd have something along the lines of..

PHP Code:


function streetcleaner($string) { 

$string = htmlspecialchars( $string );
$string = addslashes( $string );
$string = mysql_real_escape_string( $string );
$string = stripslashes( $string );

return $string;
}

streetcleaner($_POST["email"]);

I'd probably use that if my script was a lot more bigger and was using databases as it's much more secure than addslashes and specialchars :p Thanks though

Dentafrice · 07-08-2008, 07:29 PM

just do htmlentities and mysql_real_escape_string even though it isn't going into a database.

Should make it pretty secure

~~Calon~~ · 08-08-2008, 01:12 AM

Oh, right.. Never noticed

You should make them log within the database or something then.

Thread: Jop application form.

Thread Tools

Posting Permissions