amedhussaini Posted April 19, 2008 Share Posted April 19, 2008 hey guys, fairly new to php/mysql, i've got a site up.. but now i'm trying to tighten up the security before i continue development. i'm in the process, also, of abstracting all reusable stuff to include files. i need some advice on this cleaner function i wrote. is this enough to secure any string "cleaned" with it before putting it into my mysql? what other loose ends should i put in here? all the best guys, amed function clean($string) { $string = ltrim($string); $string = rtrim($string); $string = strip_tags($string); if(!get_magic_slashes_quotes_gpc) { $string = addslashes($string); } return $string; } Link to comment https://forums.phpfreaks.com/topic/101796-basic-cleaner-function-code-review/ Share on other sites More sharing options...
dptr1988 Posted April 19, 2008 Share Posted April 19, 2008 add $string = mysql_real_escape_string($string); before you put it in the database. That will help prevent SQL injection attacks Link to comment https://forums.phpfreaks.com/topic/101796-basic-cleaner-function-code-review/#findComment-520870 Share on other sites More sharing options...
amedhussaini Posted April 19, 2008 Author Share Posted April 19, 2008 add $string = mysql_real_escape_string($string); before you put it in the database. That will help prevent SQL injection attacks thanks dptr1988, i'll add this to the function. anyone else got any others? cheers, amed Link to comment https://forums.phpfreaks.com/topic/101796-basic-cleaner-function-code-review/#findComment-520871 Share on other sites More sharing options...
ohdang888 Posted April 19, 2008 Share Posted April 19, 2008 $string = ltrim($string); $string = rtrim($string); both of those are included in 1 function: $string = trim($string); Link to comment https://forums.phpfreaks.com/topic/101796-basic-cleaner-function-code-review/#findComment-520873 Share on other sites More sharing options...
amedhussaini Posted April 19, 2008 Author Share Posted April 19, 2008 $string = ltrim($string); $string = rtrim($string); both of those are included in 1 function: $string = trim($string); ah, wasn't aware.. i will make the necessary changes. thanks ohdang888. Link to comment https://forums.phpfreaks.com/topic/101796-basic-cleaner-function-code-review/#findComment-520876 Share on other sites More sharing options...
amedhussaini Posted April 19, 2008 Author Share Posted April 19, 2008 the function thus far, with suggested additions: function clean($string) { $string = trim($string); $string = strip_tags($string); if(!get_magic_slashes_quotes_gpc) { $string = addslashes($string); } $string = @mysql_real_escape_string($string); return $string; } i prepended @ to mysql_real_escape_string in case i want to 'clean()' somethin before i'm connected to a mysqli connection. Link to comment https://forums.phpfreaks.com/topic/101796-basic-cleaner-function-code-review/#findComment-520880 Share on other sites More sharing options...
amedhussaini Posted April 19, 2008 Author Share Posted April 19, 2008 me again.. hehe. what is the relation between magic_quotes and mysqli_real_escape_string? i found this in the manual: Note: If magic_quotes_gpc is enabled, first apply stripslashes() to the data. Using this function on data which has already been escaped will escape the data twice. is mysqli_real_escape_string redundant if i addslashes if magic_quotes_gpc is off? Link to comment https://forums.phpfreaks.com/topic/101796-basic-cleaner-function-code-review/#findComment-520884 Share on other sites More sharing options...
dptr1988 Posted April 19, 2008 Share Posted April 19, 2008 mysql_real_escape_string() will escape the string according to SQL specifications, where addslashes() may have different specifcations. You'd have to read the manuals to figure out the details on that. Whatever you do, be sure to use mysql_real_escape_string() to protect yourself from SQL injection attacks. Link to comment https://forums.phpfreaks.com/topic/101796-basic-cleaner-function-code-review/#findComment-520889 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.