Forum Moderators: coopster

PHP/ Form validation

ktsirig

10:47 pm on Sep 26, 2005 (gmt 0)

10+ Year Member



Hi all,
I don't know much about security and stuff. I just wanted to know whether I have to take any precautions in a PHP form I have written, from which the user can extract data from my SQL database.
In most fields supplied by the form, users can enter digits and/or text.
Do I need to check/validate anything?
Any hints on how to start or any tutorial suggestions?

A friend from another forum suggested that the most useful functions are stripslashes(), addslashes(), strip_tags(), htmlspecialchars(), and mysql_real_escape_string(). Type-specific functions can also be useful: intval(), floatval(), etc. And for complex validations, preg_replace() and preg_match().

Anything else I might need to look up?
Thanx
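
An added example, not part of the original post, that puts the functions named above to work: preg_match() whitelists each field before any cast, htmlspecialchars() escapes at output time, and a PDO prepared statement is used in place of mysql_real_escape_string(). The field names, the `members` table and the in-memory SQLite database are assumptions made for illustration (the pdo_sqlite extension is required).

```php
<?php
// Added example. Field names, table and sample rows are constructed.

// Whitelist-validate each field; reject bad input instead of repairing it.
function validate_search(array $in): array
{
    $id = $in['id'] ?? '';
    $name = $in['name'] ?? '';
    $errors = [];
    // Check the pattern before casting: intval('7 OR 1=1') would return 7.
    if (!is_string($id) || !preg_match('/\A[0-9]{1,9}\z/', $id)) {
        $errors[] = 'id must be 1 to 9 digits';
    }
    // Letters, digits, space, apostrophe, hyphen; bounded length.
    if (!is_string($name) || !preg_match('/\A[\p{L}0-9 \'-]{1,50}\z/u', $name)) {
        $errors[] = 'name has unsupported characters';
    }
    return $errors ? [$errors, null] : [[], ['id' => (int) $id, 'name' => $name]];
}

// Values are bound as parameters, so a quote in valid input cannot
// change the SQL text (used here in place of the escaping functions).
function find_member(PDO $db, array $clean): array
{
    $stmt = $db->prepare('SELECT id, name FROM members WHERE id = :id AND name = :name');
    $stmt->bindValue(':id', $clean['id'], PDO::PARAM_INT);
    $stmt->bindValue(':name', $clean['name'], PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');   // in-memory stand-in for the real database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO members (id, name) VALUES (7, 'O''Brien')");

$submissions = [                    // constructed stand-ins for $_POST
    ['id' => '7', 'name' => "O'Brien"],
    ['id' => '7 OR 1=1', 'name' => 'x'],
    ['id' => '7', 'name' => '<b>Ann</b>'],
];
foreach ($submissions as $post) {
    [$errors, $clean] = validate_search($post);
    $rows = $errors ? [] : find_member($db, $clean);
    // Escape at output time, for the HTML context the value lands in.
    foreach ($errors as $e) echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), "\n";
    foreach ($rows as $r) {
        echo (int) $r['id'], ': ', htmlspecialchars($r['name'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

The first submission passes validation even though it contains an apostrophe, which is why the query binds the value rather than relying on validation alone.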

coopster

11:31 pm on Sep 26, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Hi ktsirig and welcome to WebmasterWorld.

Have you done a search over this site on PHP security and form validation? There has been quite a bit more discussion lately regarding the topic as many feel as you do.

This recent thread on form validation [webmasterworld.com] and the link provided by jatar_k should get you started off right.

ktsirig

7:45 am on Sep 27, 2005 (gmt 0)

10+ Year Member



Thanx,
will begin the searching...

:)

coopster

1:32 pm on Sep 27, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



All right, sounds like a plan. You'll find quite a bit of good advice/information. If you have any specific questions or struggles, let us know and we'll see if we can help you through.