[thelist] making text boxes more secure

Burhan Khalid thelist at meidomus.com
Sun Sep 21 17:26:32 CDT 2003


Chris W. Parker wrote:
> Nan Harbison <mailto:nansmith at heritageconcord.org>
>     on Friday, September 19, 2003 9:39 AM said:
> 
> 
>>$Array[username] = strtolower($Array[username]);
>>$username = stripslashes($Array[username]);
>>$username = ereg_replace ("'", "", $username);
>>$username = ereg_replace (";", "", $username);
>>$username = ereg_replace ("select", "", $username);
>>$username = ereg_replace ("insert", "", $username);
> 
> 
> Really all you need to do to protect against SQL injection (as far as I
> understand it) is addslashes(). That will effectively escape all
> potentially malicious characters.
> 
> www.php.net/addslashes

There is also mysql_escape_string()

-- 
Burhan Khalid
thelist[at]meidomus[dot]com
http://www.meidomus.com
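An added worked example (not part of the original thread or of any poster's code) that puts the three approaches mentioned above side by side: the keyword blacklist from the quoted message, addslashes() escaping, and a parameterised query. The ext/mysql functions mysql_escape_string() and mysql_real_escape_string() were removed in PHP 7, so the parameterised query uses PDO instead; the in-memory SQLite database, the users table and the test inputs are constructed for the demonstration and assume the pdo_sqlite extension is available.

```php
<?php
// Added example, not from the original thread. Compares the three
// approaches discussed: the blacklist from the quoted message, addslashes(),
// and a parameterised query via PDO. The table, column names and inputs are
// constructed for the demonstration; pdo_sqlite is assumed to be installed.

declare(strict_types=1);

// The quoted blacklist as a function. preg_replace() stands in for the
// removed ereg_replace(). Because the keywords are stripped in a single pass,
// an input such as "seselectlect" comes out as "select".
function blacklist_clean(string $username): string
{
    $username = strtolower($username);
    $username = stripslashes($username);
    return preg_replace("/'|;|select|insert/", '', $username);
}

// Escape-based approach from the thread: addslashes() backslashes the
// characters ' " \ and NUL before the value is spliced into the SQL text.
function escaped_query(string $username): string
{
    return "SELECT id FROM users WHERE username = '" . addslashes($username) . "'";
}

// Parameterised query: the value is sent separately from the SQL text, so it
// is never parsed as SQL and no escaping of quotes or keywords is needed.
function lookup_user(PDO $db, string $username): ?int
{
    $stmt = $db->prepare('SELECT id FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $id = $stmt->fetchColumn();          // false when no row matched
    return $id === false ? null : (int) $id;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");

// Constructed inputs: a normal name, a classic injection attempt, and a
// string crafted to survive the single-pass keyword blacklist.
$inputs = [
    'alice',
    "' OR '1'='1",
    'seselectlect 1',
];

foreach ($inputs as $in) {
    printf("input:      %s\n", $in);
    printf("blacklist:  %s\n", blacklist_clean($in));
    printf("addslashes: %s\n", escaped_query($in));
    printf("prepared:   %s\n\n", var_export(lookup_user($db, $in), true));
}
```

Running it shows the blacklist turning `seselectlect 1` into `select 1`, addslashes() producing `\' OR \'1\'=\'1` inside the query string, and the prepared statement returning `1` for `alice` and `NULL` for the two crafted inputs without any of the input ever being interpreted as SQL.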