Jop application form.

[Calon]

PHP Code:

addslashes(htmlspecialchars($_POST['email'])) 


Not keen on that, I'd have something along the lines of..

PHP Code:

function streetcleaner($string) { 

$string = htmlspecialchars( $string );
$string = addslashes( $string );
$string = mysql_real_escape_string( $string );
$string = stripslashes( $string );

return $string;
}

streetcleaner($_POST["email"]); 


[Source]

It doesn't matter that much calon as its only doing into a mail functions and no databases are present so it would be relativly hard to hack it. Unless they were trying to run the system command to run a shell or something.

[Excellent]

PHP Code:

addslashes(htmlspecialchars($_POST['email'])) 


Not keen on that, I'd have something along the lines of..

PHP Code:

function streetcleaner($string) { 

$string = htmlspecialchars( $string );
$string = addslashes( $string );
$string = mysql_real_escape_string( $string );
$string = stripslashes( $string );

return $string;
}

streetcleaner($_POST["email"]); 


I'd probably use that if my script was a lot more bigger and was using databases as it's much more secure than addslashes and specialchars :p Thanks though

[Dentafrice]

just do htmlentities and mysql_real_escape_string even though it isn't going into a database.

Should make it pretty secure

[Calon]

Oh, right.. Never noticed

You should make them log within the database or something then.