Msg#: 4211030 posted 1:07 pm on Oct 4, 2010 (gmt 0)
according to php.net:
Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query(). If binary data is to be inserted, this function must be used.
Also take note at the bottom notes:
If magic_quotes_gpc is enabled, first apply stripslashes() to the data. Using this function on data which has already been escaped will escape the data twice.
Msg#: 4211030 posted 8:06 pm on Oct 4, 2010 (gmt 0)
hi there Adam5000,
Sanitising data from form submission isn't reliant just on the function that you quote, as all this does is just add slashes to quotes to make them sql safe, there are other methods available, and this is where you need to research at what you should allow/convert and/or make the exception for.
Strip_tags() is the most useful against removal of html tags, and trim() is useful for getting rid of whitespace - but as each project is different, you will need to assess and see what you need to use.
There are other functions, and for example checking validity of email, this function eleviates the use of preg_ functions (Credit to Readie for this too!):-
Msg#: 4211030 posted 9:52 pm on Oct 4, 2010 (gmt 0)
omoutop: That's good information and gives me food for thought.
Matthew: I understand what you're saying. Sanitizing simply involves checking the user input to make sure it only contains the characters it's supposed to contain.
Or in other words sanitizing involves checking the user input to make sure it DOESN'T contain any characters (malicious or accidental) that foul up or manipulate the database.
That's a good idea.
When creating passwords for myself, for example the password for my hosting site, I've noticed that certain characters are not allowed. And now I know why.
I've got a plan and it seems pretty simple. And after I thought about it I found myself saying "This is too easy to work." I've got most of the code but there's one part I'm not quite sure about. New post coming up.
Msg#: 4211030 posted 10:03 pm on Oct 4, 2010 (gmt 0)
Sanitizing reminds me of a comedy scene I saw on television that I got a grin out of. I think it starred Don Knotts (Barney Fife) as a naive computer user. He accidentally entered a bad character and fouled everything up.