ess14 Posted April 15, 2008 Share Posted April 15, 2008 just curious, is it better to use regex to check input into databases than using stripslashes/addslashes etc? I figure that using regex to make sure there is only alphanumeric characters in strings no attacks could occur. is this correct? or am i missing something? of course sometimes you want special characters in your DB, so in which case you would addslashes or use other php functions (real escape string etc). Quote Link to comment Share on other sites More sharing options...
discomatt Posted April 15, 2008 Share Posted April 15, 2008 Regex is a GREAT way to sanitize user input. The stricter you are, the harder it is to inject. This does limit the end-user slightly, so you have to trade off. Your best method to protect is know how your attacks are being performed. The better you know your attacker, the less strict you have to be with your sanitization On the other hand, the more strict you make your sanitzation, the better protected you are against future exploits Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.