Shaun
Posted October 14, 2008

Hi, I have been reading the guide at http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/ and was just wondering if I would be safe to use these functions in my code.

For displaying content from db:

    function fix_for_page($value){
        $value = htmlspecialchars(trim($value));
        if (get_magic_quotes_gpc())
            $value = stripslashes($value);
        return $value;
    }

For posting stuff to db:

    function fix_for_mysql($value){
        if (get_magic_quotes_gpc())
            $value = stripslashes($value);
        $value = mysql_real_escape_string($value);
        return $value;
    }

I guess I would just call the function up on every variable that either gets posted to my db, or viewed from my db? Does anyone have any other recommendations?

I am also in the process of recoding a lot of my pages as I was unaware of register globals problems, so if anyone has tips there also?

Thank you all,
Shaun
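
The two contexts the functions above separate (storing to the database, displaying on a page), as an added example that is not part of the original thread: it binds the value with a PDO prepared statement instead of calling `mysql_real_escape_string()`, and applies `htmlspecialchars()` only at output. It assumes PHP 8 with the `pdo_sqlite` extension; the `comments` table and the `save_comment`/`load_comment` helpers are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PHP 8 with pdo_sqlite;
// the table and helper names are hypothetical.

// Output side: escape for the HTML context at display time only.
function fix_for_page(string $value): string
{
    return htmlspecialchars(trim($value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Input side: bind the value as a parameter so it is never parsed as SQL.
function save_comment(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function load_comment(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : (string) $body;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input containing quotes, a backslash and markup.
$input = "O'Brien wrote <b>C:\\temp</b> \"); DROP TABLE comments; --";

$id = save_comment($db, $input);
$stored = load_comment($db, $id);

// Check that the row holds the input byte for byte (nothing escaped for storage).
var_dump($stored === $input);

// Check that the table still exists and holds exactly one row.
var_dump((int) $db->query('SELECT COUNT(*) FROM comments')->fetchColumn() === 1);

// Escape only on the way out to the page.
echo fix_for_page($stored), PHP_EOL;
```
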
sKunKbad
Posted October 14, 2008

I think you should take a look at this PHP security video: http://videos.code2design.com/video/play/PHP/11

It is about 45 minutes long, and is very nicely done.
Shaun
Posted October 15, 2008

Thanks, that has helped a lot.