Shaun Posted October 14, 2008

Hi, I have been reading the guide at http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/ and was just wondering if I would be safe to use these functions in my code.

For displaying content from db:

    function fix_for_page($value){
        $value = htmlspecialchars(trim($value));
        if (get_magic_quotes_gpc()) $value = stripslashes($value);
        return $value;
    }

For posting stuff to db:

    function fix_for_mysql($value){
        if (get_magic_quotes_gpc()) $value = stripslashes($value);
        $value = mysql_real_escape_string($value);
        return $value;
    }

I guess I would just call the function up on every variable that either gets posted to my db, or viewed from my db? Does anyone have any other recommendations? I am also in the process of recoding a lot of my pages as I was unaware of register globals problems, so if anyone has tips there also?

Thank you all,
Shaun
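The two roles in the question (storing input, displaying stored data), as an added example that is not part of the original thread: it binds values with a PDO prepared statement, which is a different technique from the `mysql_real_escape_string()` call in the post, escapes at output time, and shows what slash-stripping does to data read back from the database. The `comments` table, the function names, the sample inputs and the in-memory SQLite database (which needs the `pdo_sqlite` extension) are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Table and function names are hypothetical.

// Undo magic_quotes_gpc escaping on request input only. The function was
// removed in PHP 8, hence the function_exists() guard.
function clean_request_value(string $value): string {
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return trim($value);
}

// Store with a bound parameter: the value never becomes part of the SQL text.
function save_comment(PDO $db, string $body): void {
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
}

// Escape at output time, for the HTML context, including both quote styles.
function html_out(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');   // in-memory database so the example runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample inputs standing in for $_POST values.
$samples = [
    "O'Reilly said \"hi\"",
    'path C:\\temp\\new <b>bold</b>',
    "x' OR '1'='1",
];
foreach ($samples as $raw) {
    save_comment($db, clean_request_value($raw));
}

foreach ($db->query('SELECT body FROM comments ORDER BY id') as $row) {
    $stored = $row['body'];
    echo html_out($stored), "\n";                 // stored text shown intact, markup inert
    echo html_out(stripslashes($stored)), "\n";   // slash-stripping DB output loses backslashes
}
```

For the second sample, the first `echo` prints the Windows path with its backslashes and the `<b>` tag as `&lt;b&gt;`, while the second prints `C:tempnew`, because the backslashes were real data and not escaping added by magic quotes.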

sKunKbad Posted October 14, 2008

I think you should take a look at this PHP security video: http://videos.code2design.com/video/play/PHP/11

It is about 45 minutes long, and is very nicely done.

Shaun Posted October 15, 2008

Thanks, that has helped a lot.

Archived
This topic is now archived and is closed to further replies.