webref.eu Posted July 31, 2008

Hi All

Could people give me a very general overview of best practice for getting data into MySQL? I am mainly concerned with techniques for handling single quotes, double quotes and special characters. For example, should I be storing single quotes as slash escaped etc etc.

Any general advice or links to decent data insertion tutorials much appreciated.

Thanks All.

niranjnn01 Posted July 31, 2008

I will comment with the little knowledge I have.

Generally speaking, you need to validate all the foreign data [data from user inputs].

- By validation, we mean you need to check if the data is what you expect it to be. I.e., if you are asking for a name, and what you get is %;j@#%'', it will be of little or no use. It may even lead to MySQL injection if cleverly crafted.
- You can use the function mysql_real_escape_string(), which will escape all harmful characters which can cause trouble when used in queries.
- You need to take care of values that can be given towards the end of the MySQL query, like LIMIT, GROUP BY etc., because if users can somehow enter values for these, then they can add additional stuff with the values, like

  0; drop table table_name

  Here, ";" indicates the end of a query, and the text that comes after it is treated as a second query and will be executed!

Bottom line: validate each and every input from the user, to see if the given input is what you expect it to be.

Hope this helps

Regards
Rakesh

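The validate, escape and restrict-LIMIT advice above, as an added example that is not part of the original posts. It swaps in PDO bound parameters for mysql_real_escape_string(), which was removed in PHP 7, and uses ORDER BY to stand for the trailing clauses. Assumptions: an in-memory SQLite database so it runs without a server, and hypothetical table and function names.

```php
<?php
// Added example, not from the thread. Table, column and function names are
// hypothetical; in-memory SQLite is an assumption so that it runs without a
// server. The same PDO calls work with a "mysql:" DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Validation: is the input what we expect a name to be?
function validName(string $name): bool
{
    return preg_match('/^\p{L}[\p{L} .\'\-]{0,63}\z/u', $name) === 1;
}

// Insertion: the value is bound as a parameter, never pasted into the SQL
// text, so quotes need no manual escaping and are stored exactly as typed.
function addPerson(PDO $pdo, string $name): bool
{
    if (!validName($name)) {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO people (name) VALUES (:name)');
    return $stmt->execute([':name' => $name]);
}

// ORDER BY / LIMIT: the column comes from a fixed allow-list and the row
// count must be an integer in range; anything else falls back to a default.
function listPeople(PDO $pdo, string $sort, string $limit): array
{
    $columns = ['id' => 'id', 'name' => 'name'];
    $orderBy = $columns[$sort] ?? 'id';
    $rows = filter_var($limit, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($rows === false) {
        $rows = 10;
    }
    $stmt = $pdo->prepare("SELECT name FROM people ORDER BY $orderBy LIMIT :n");
    $stmt->bindValue(':n', $rows, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample inputs.
var_dump(addPerson($pdo, "Miles O'Brien"));   // a name containing a quote
var_dump(addPerson($pdo, "%;j@#%''"));        // the junk string from the post
print_r(listPeople($pdo, 'name', '0; drop table people')); // hostile LIMIT
```
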
JD* Posted July 31, 2008

Check out the following: addslashes and htmlentities

They should get you 90% of the way.