Vivid Lust
Posted August 29, 2008

Just wondering how hacker proof doing this is:

[code]
<?php
$name = trim(strip_tags($_POST['name']));
?>
[/code]

Is there anything else I can add to make it better?

DarkWater
Posted August 29, 2008

htmlspecialchars() and mysql_real_escape_string() if you're using a database.

The Little Guy
Posted August 29, 2008

[code]
$name = trim(strip_tags($_POST['name']));
// OR
$name = trim(htmlentities($_POST['name']));
// THEN
$query = sprintf("INSERT INTO databaseName (`column`) VALUES ('%s')", mysql_real_escape_string($name));
// Run the statement built above
mysql_query($query);
[/code]

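An added example (not code from any poster in this thread) of how the suggestions above fit together in current PHP: validate on input, bind parameters for the SQL context, and encode for HTML at output time. It uses PDO with an in-memory SQLite database so it runs offline, because the mysql_* functions were removed in PHP 7; the table, column and sample inputs are constructed.

```php
<?php
declare(strict_types=1);
// Added example: table, column and sample inputs are constructed.
// Assumes pdo_sqlite; the same PDO calls work with a MySQL DSN.

// Input: validate and normalise; do not HTML-encode before storage.
function clean_name(string $raw): ?string
{
    $name = trim($raw);
    // Reject empty, over-long or control-character input.
    if ($name === '' || strlen($name) > 64 || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        return null;
    }
    return $name;
}

// SQL context: a bound parameter never becomes part of the statement text.
function save_name(PDO $db, string $name): void
{
    $stmt = $db->prepare('INSERT INTO people (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

// HTML context: encode at output time, quotes included.
function render_name(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed inputs: a single quote, markup, a double quote with no tag, blanks.
$samples = ["O'Brien", '<b>Ann</b>', 'Ann" data-x="1', '   '];
foreach ($samples as $raw) {
    $name = clean_name($raw);
    if ($name === null) {
        echo 'rejected: ' . var_export($raw, true) . PHP_EOL;
        continue;
    }
    save_name($db, $name);
}

foreach ($db->query('SELECT name FROM people ORDER BY id') as $row) {
    printf("<input value=\"%s\">\n", render_name($row['name']));
    // For comparison: strip_tags() removes tags but leaves quotes untouched.
    printf("  strip_tags only: %s\n", strip_tags($row['name']));
}
```

The third sample is the case to look at: it contains no tag, so strip_tags() returns it unchanged, while htmlspecialchars() with ENT_QUOTES keeps it inside the attribute value.
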
Archived
This topic is now archived and is closed to further replies.