[thelist] making text boxes more secure
Burhan Khalid
thelist at meidomus.com
Sun Sep 21 17:26:32 CDT 2003
Chris W. Parker wrote:
> Nan Harbison <mailto:nansmith at heritageconcord.org>
> on Friday, September 19, 2003 9:39 AM said:
>
>
>>$Array['username'] = strtolower($Array['username']);
>>$username = stripslashes($Array['username']);
>>$username = ereg_replace ("'", "", $username);
>>$username = ereg_replace (";", "", $username);
>>$username = ereg_replace ("select", "", $username);
>>$username = ereg_replace ("insert", "", $username);
>
>
> Really all you need to do to protect against SQL injection (as far as I
> understand it) is addslashes(). That will effectively escape all
> potentially malicious characters.
>
> www.php.net/addslashes
There is also mysql_escape_string()
--
Burhan Khalid
thelist[at]meidomus[dot]com
http://www.meidomus.com
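
Added example (not part of the original thread and not the posters' code): the quoted keyword-stripping filter run over constructed usernames, next to addslashes() and a bound-parameter query. It assumes PHP 7+ with the pdo_sqlite extension; str_replace() stands in for ereg_replace(), and blacklist_filter(), find_user() and the users table are hypothetical names.

```php
<?php
// The filter quoted in the thread. str_replace() is swapped in for
// ereg_replace() (removed in PHP 7); every pattern in the post is a literal.
function blacklist_filter(string $username): string
{
    $username = stripslashes(strtolower($username));
    return str_replace(["'", ";", "select", "insert"], "", $username);
}

// Bound-parameter lookup: the value travels separately from the SQL text,
// so it needs neither stripping nor escaping.
function find_user(PDO $db, string $username)
{
    $stmt = $db->prepare('SELECT username FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchColumn();   // stored name, or false when no row matches
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY)');

// Constructed sample accounts: ordinary names that happen to contain
// characters or substrings the filter removes.
$samples = ["O'Brien", "Selectman", "man", "reinsert"];

$insert = $db->prepare('INSERT INTO users (username) VALUES (?)');
foreach ($samples as $name) {
    $insert->execute([$name]);
}

// Columns: original name, what the filter turns it into, what addslashes()
// produces, and what the bound query finds for the untouched name.
// The filter rewrites legitimate names and maps distinct accounts
// ("Selectman" and "man") onto the same string. addslashes() keeps the name
// but uses backslash escaping, which not every database treats as an escape;
// that is the reason to prefer the driver's own escaping or bound parameters.
foreach ($samples as $name) {
    printf(
        "%-10s filtered=%-9s addslashes=%-10s bound=%s\n",
        $name,
        var_export(blacklist_filter($name), true),
        addslashes($name),
        var_export(find_user($db, $name), true)
    );
}
```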