Cleaning form inputs ??? [PHP]

Chippiewill · 19-12-2011, 08:53 PM

What procedures should I use when cleaning form inputs so they can't do injections and other crap like that?

**Zak** · 19-12-2011, 10:11 PM

mysql_real_escape_string will protect against injection

I usually use

$example = mysql_real_escape_string(htmlentities(trim($_POST['example']))));

triston220 · 19-12-2011, 10:55 PM

^You've got an extra bracket.^

PHP Code:


function Sanitise($input){
return mysql_real_escape_string(strip_tags(html_entities(trim($input))));
}

**Zak** · 19-12-2011, 11:13 PM

Originally Posted by triston220

^You've got an extra bracket.^

Lmao yeh ****. Well spotted

+rep

triston220 · 20-12-2011, 12:04 AM

Originally Posted by Zak

Lmao yeh ****. Well spotted

+rep

Hah, thanks.

Chippiewill · 20-12-2011, 11:59 AM

Do I need to use strip slashes at all?

Edit: If I'm hashing a string do I need to bother cleaning it before hand?

triston220 · 20-12-2011, 01:07 PM

To be honest, you don't really need to sanitise any input if you are hashing/encrypting it, unless the encryption/hash type uses special characters which would intefere with the query.

Chippiewill · 20-12-2011, 01:50 PM

I'm only using sha256 so I assume that's safe?

triston220 · 20-12-2011, 02:30 PM

Originally Posted by Chippiewill

I'm only using sha256 so I assume that's safe?

Pretty much, yes.

Thread: Cleaning form inputs ??? [PHP]

Thread Tools

Cleaning form inputs ??? [PHP]

Posting Permissions