[thelist] DB: filtering input

Jay Greenspan <jay@trans-city.co
To: thelist at lists.evolt.org
Mon Jan 22 16:09:19 CST 2001


Couple of things:

You probably won't need addslashes(); the setting of magic_quotes_gpc in
the php.ini determines whether characters are automatically escaped by
backslashes. The default setting is on.

The other major function to be aware of is strip_tags().
http://www.php.net/manual/en/function.strip-tags.php


-j

on 1/21/01 6:29 AM, Joxn at joxn at vernum.com wrote:

> Hi everybody,
> what do I really need to filter out before I input a string into a DB?
> 
> I have PHP and mySQL at hand for this job.
> 
> These PHP functions come to my mind, but which functions should I use/do
> I need or should I filter "by hand"?
> QuoteMeta()
> AddSlashes()
> htmlEntities()
> htmlSpecialChars()
> 
> Are there any sites on "insert security" that you can suggest?
> 
> Thanks in advance,
> Joxn
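
The interaction between magic_quotes_gpc and addslashes() discussed in this thread, as an added example that is not part of either post. The names `simulate_magic_quotes()`, `prepare_for_db()` and `$magicQuotesOn` are hypothetical, the flag stands in for the php.ini setting, and the sample input is constructed.

```php
<?php
// Added example, not from the original thread. $magicQuotesOn is a
// hypothetical flag standing in for the magic_quotes_gpc php.ini setting.

// Mimics what PHP does to request data when magic_quotes_gpc is on:
// quotes, backslashes and NUL bytes get a backslash in front.
function simulate_magic_quotes(string $raw): string
{
    return addslashes($raw);
}

// Prepare a request value for use inside a quoted SQL string literal,
// making sure it is escaped exactly once whatever the setting is.
function prepare_for_db(string $value, bool $magicQuotesOn): string
{
    // Undo the automatic escaping so the value is in a known raw state.
    if ($magicQuotesOn) {
        $value = stripslashes($value);
    }
    // Remove HTML and PHP tags with strip_tags(), the function the reply names.
    $value = strip_tags($value);
    // Escape once for the SQL string literal.
    return addslashes($value);
}

// Constructed sample input, as a user might type it into a form.
$submitted = "<b>O'Reilly</b>";

// What the script receives when magic_quotes_gpc is on.
$received = simulate_magic_quotes($submitted);

// Pitfall: calling addslashes() on data that is already escaped.
// The extra backslashes end up stored in the database as literal characters.
$doubleEscaped = addslashes($received);

// Escaped once, with the setting on and with it off.
$settingOn  = prepare_for_db($received, true);
$settingOff = prepare_for_db($submitted, false);

echo "received:       ", $received, "\n";
echo "double escaped: ", $doubleEscaped, "\n";
echo "setting on:     ", $settingOn, "\n";
echo "setting off:    ", $settingOff, "\n";
echo "same result:    ", var_export($settingOn === $settingOff, true), "\n";
```

A stray backslash before a quote in stored data is the visible symptom of the double escape shown in `$doubleEscaped`.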





