
Best practices for adding data to MySQL


webref.eu


Hi All

 

Could people give me a very general overview of best practice for getting data into MySQL? I am mainly concerned with techniques for handling single quotes, double quotes and special characters. For example, should I be storing single quotes as slash escaped etc. etc.? Any general advice or links to decent data insertion tutorials much appreciated.

 

Thanks All.


I will comment with the little knowledge I have...

Generally speaking,

 

you need to validate all the foreign data [data from users' inputs].

 

- By validation, we mean you need to check if the data is what you expect it to be. I.e., if you are asking for a name, and what you get is %;j@#%'' , it will be of little or no use. It may even lead to MySQL injection if cleverly crafted.

 

- You can use the function mysql_real_escape_string(), which will escape all harmful characters which can cause trouble when used in queries.

 

- You need to take care of values that can be given towards the end of the MySQL query, like LIMIT, GROUP BY etc., because if users can somehow enter values for these, then they can add additional stuff with the values, like

 

0; drop table table_name

 

Here, ";" indicates the end of a query, and the text that comes after it is treated as a second query and will be executed!!!!

 

Bottom line, validate each and every input from the user, to see if the given input is what you expect it to be.

 

Hope this helps :)

Regards

Rakesh
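
An added example, not part of the original posts: the points above (validate input, keep quotes from breaking the query, guard LIMIT and ORDER BY values) written with PDO prepared statements, since the `mysql_*` functions including `mysql_real_escape_string()` were removed in PHP 7. The `people` table, the function names, the validation pattern and the sample rows are assumptions made for the illustration, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table, columns, function names and sample values are constructed.
// SQLite in memory keeps it runnable offline; for MySQL swap the DSN, e.g.
// new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', $user, $pass) (placeholders).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT, city TEXT)');

// Values travel through placeholders, so quotes are stored exactly as typed,
// with no backslashes added to the data.
function addPerson(PDO $pdo, string $name, string $city): void
{
    // Validate first: a name is 1-100 letters, spaces, apostrophes, dots, hyphens.
    if (!preg_match('/^[\p{L} \'.\-]{1,100}$/u', $name)) {
        throw new InvalidArgumentException('unexpected characters in name');
    }
    $stmt = $pdo->prepare('INSERT INTO people (name, city) VALUES (:name, :city)');
    $stmt->execute([':name' => $name, ':city' => $city]);
}

// ORDER BY and LIMIT cannot be escaped like strings: the column is picked
// from a fixed list and the limit must be an integer in range.
function listPeople(PDO $pdo, string $sort, $limit): array
{
    if (!in_array($sort, ['name', 'city'], true)) {
        throw new InvalidArgumentException('sort column not allowed');
    }
    $limit = filter_var($limit, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($limit === false) {
        throw new InvalidArgumentException('limit must be an integer 1-100');
    }
    $stmt = $pdo->prepare("SELECT name, city FROM people ORDER BY $sort LIMIT :lim");
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

addPerson($pdo, "Miles O'Brien", 'Say "hi" \\ Dublin'); // quotes and a backslash
addPerson($pdo, 'Anne-Marie', 'Cork');
print_r(listPeople($pdo, 'name', '10'));

try {
    listPeople($pdo, 'name', '0; drop table table_name'); // value quoted in the post
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```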
