[thelist] Form Security
DAVOUD TOHIDY
dtohidy at hotmail.com
Thu Jul 15 21:45:37 CDT 2010
o.k so what would you recommend instead of :
$name=mysql_real_escape_string(strip_tags(stripslashes(htmlentities(trim($_POST['name'])))));
I am trying to prevent the bad user from any misuse of the site and from attacking the site.
In regards to validating I am using preg_match so I am fine with that.
> I didn't understand that question.
My original question was that I am planning to log the user (who wants to use the search engine in the site to search the site or use the contact form in the site) in on the fly without letting the user know while providing the user with the "USER" privileges or if possible with no privileges at all.
Does this make any sense at all in regards to securing a site or it is just a dream :)
thanks for your input
_________________________________________________________________
Turn down-time into play-time with Messenger games
http://go.microsoft.com/?linkid=9734385
More information about the thelist
mailing list