[thelist] making text boxes more secure

Mike Migurski mike-evolt at teczno.com
Fri Sep 19 12:25:08 CDT 2003


>Wow, I was not aware of SQL injection. I did some research and some
>thinking, and I added some layers of protection to my db server. First,
>the user name and password are filled out and submitted, and are passed
>to a page where this code strips bad stuff (there is one predefined
>username and password, they are not retrieved from a database, so there
>is no connection to a db on this page):
>
>
>$Array['username'] = strtolower($Array['username']);
>$username = stripslashes($Array['username']);
<snip>

If you just addslashes(), you won't have to do the rest of that stuff. You
only want to detox the input to make sure that quotes stay symmetrical,
not munge it beyond recognition.

---------------------------------------------------------------------
michal migurski- contact info and pgp key:
sf/ca            http://mike.teczno.com/contact.html
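
The point made in the reply above, as an added example that is not part of the original thread: escaping with addslashes() keeps the quotes in the generated statement balanced while leaving the submitted value recoverable. The query shape, table and column names, and sample inputs are assumptions constructed for illustration. It also assumes a database that honours backslash escapes inside string literals (MySQL's default) and a single-byte connection character set.

```php
<?php
// Added example; inputs below are constructed samples, not data from the thread.

// Count single quotes that are not backslash-escaped. In a query with exactly
// one string literal, any count other than 2 means the input changed the
// quoting structure of the statement.
function unescaped_quotes(string $sql): int
{
    $count = 0;
    for ($i = 0, $len = strlen($sql); $i < $len; $i++) {
        if ($sql[$i] === '\\') {
            $i++;            // skip the character the backslash escapes
        } elseif ($sql[$i] === "'") {
            $count++;
        }
    }
    return $count;
}

// Hypothetical query shape; table and column names are assumptions.
function build_query(string $value): string
{
    return "SELECT id FROM users WHERE username = '" . $value . "'";
}

$samples = ["alice", "O'Brien", "x' OR '1'='1", 'back\\slash'];

foreach ($samples as $raw) {
    $escaped = addslashes($raw);
    printf(
        "%-14s raw quotes=%d  escaped quotes=%d  round-trip intact=%s\n",
        $raw,
        unescaped_quotes(build_query($raw)),
        unescaped_quotes(build_query($escaped)),
        // stripslashes() stands in for the database un-escaping the literal:
        // the stored value should equal what the user typed.
        stripslashes($escaped) === $raw ? 'yes' : 'no'
    );
}
```

On a database that escapes quotes by doubling them rather than with a backslash, or on a multi-byte connection character set, the same check has to be done with that database's own escaping function or with bound parameters.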


