Safe php html form inserting into mysql database

         

The_Hat

7:59 pm on Oct 6, 2008 (gmt 0)

10+ Year Member



Pretty basic question really.. and I have been doing quite a bit of this kinda stuff but this would be the first form I would have built for the world to insert information into a database and wanted to check my notes.. Will doing a preg_replace or similar to remove or encode special characters make it safe, or at least safer, so I don't get code injected into my database?.. just worried about malicious inserted data.

eeek

3:54 am on Oct 7, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



PHP provides a function to escape data for mysql. What's wrong with using it?

sastro

5:45 am on Oct 7, 2008 (gmt 0)

10+ Year Member



If you're paranoid, just encode the data using base64_encode and insert it into the database.

The_Hat

8:00 am on Oct 7, 2008 (gmt 0)

10+ Year Member



@eeek, nothing. I did say "or similar", didn't I? I did say I hadn't previously built a form to insert data into a database where security against the world would be a concern, didn't I?

I think both of these would have been fine with just answering "Yup"
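
Added example, not part of the thread and not any poster's code: a public form handler that binds the submitted values as query parameters instead of filtering characters with preg_replace, and escapes for HTML only when the data is displayed. The `comments` table, the function names and the sample input are assumptions made for illustration, and SQLite in-memory stands in for MySQL so the script runs without a server.

```php
<?php
// Added example. SQLite in-memory stands in for MySQL so this runs offline;
// with MySQL only the DSN changes (and ATTR_EMULATE_PREPARES is usually set to false).
function openDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT NOT NULL, body TEXT NOT NULL)');
    return $pdo;
}

// Validate length and presence, then bind. No characters are stripped or rewritten.
function saveComment(PDO $pdo, string $author, string $body): int {
    $author = trim($author);
    $body = trim($body);
    if ($author === '' || strlen($author) > 64 || $body === '' || strlen($body) > 2000) {
        throw new InvalidArgumentException('author or body missing or too long');
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function fetchComment(PDO $pdo, int $id): ?array {
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escaping for HTML happens on output, not before storage.
function renderComment(array $row): string {
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><b>' . $esc($row['author']) . '</b>: ' . $esc($row['body']) . '</p>';
}

// Constructed sample input containing quotes, markup and SQL comment characters.
$pdo = openDb();
$author = "Miles O'Brien";
$body = "It's <b>5 o'clock</b>; -- see you then";
$row = fetchComment($pdo, saveComment($pdo, $author, $body));

var_dump($row['author'] === $author && $row['body'] === $body); // stored byte-for-byte
echo renderComment($row), PHP_EOL;                               // markup is escaped on output
// A character-stripping filter, by contrast, changes the data:
echo preg_replace('/[^A-Za-z0-9 ]/', '', $author), PHP_EOL;
```

The last line shows why character stripping is a poor fit for free-text fields: the name loses its apostrophe, while the bound insert stores it unchanged.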