1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 1:19 am May 2, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Escaping characters in user input

what are peoples best practice solutions to coping with user input

         

hughie

9:43 am on Jan 3, 2006 (gmt 0)

10+ Year Member



Hi All

I am yet to stumble across the best practice solution for coping with dangerous characters in SQL, be it add_slashes, magic quotes, html_entities() etc.. i'm never quite sure what the best approach is.

What do other people do to peoples input to make sure it is SQL safe?

Cheers,
hughie

jackvull

4:52 pm on Jan 3, 2006 (gmt 0)

10+ Year Member



Those will work. Also try strip_tags().
I also use a str_replace array to remove characters such as ; \ etc.

MatthewHSE

5:03 pm on Jan 3, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Before writing to your MySQL database, use mysql_real_escape_string() on ALL the data you plan to write to the db. I even do this on data that is being generated by the script with no user input at all, just to be completely safe.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 1:19 am May 2, 2026