limitphp, Posted December 17, 2008

I run all $_GET data through the mysql_real_escape_string. Is it necessary to run all of the form data ($_POST) through it as well?

thanks

rhodesa, Posted December 17, 2008

absolutely YES

trq, Posted December 17, 2008

If you're planning on using it in a database query, yes.

limitphp, Posted December 17, 2008

What about something as simple as

index.php?logout=yes

And then in my code, all I do is check to see if $logout = "yes"

If it does I do stuff, if not I do nothing. $logout is never used in a query. But could they still inject some bad stuff in the querystring?

rhodesa, Posted December 17, 2008

sorry...should have made that point. when using it in SQL queries, make sure you do. for the simple logout check, you don't need to.

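An added example, not code from any poster in this thread: it shows that what decides the handling is whether the value reaches a query, not whether it arrived in $_GET or $_POST. It assumes PDO with an in-memory SQLite database and bound parameters in place of mysql_real_escape_string, so that it runs without a MySQL server; the table, the function names and the request arrays are constructed for illustration.

```php
<?php
// Added example: constructed data, hypothetical table and function names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// 'Before' form: the request value is concatenated into the SQL text, so a
// quote inside it ends the string literal and the rest is parsed as SQL.
function find_user_unsafe(PDO $db, array $request): array
{
    $sql = "SELECT name FROM users WHERE name = '" . $request['name'] . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the value is bound as a parameter and is only ever data.
// The same rule applies whether $request is $_GET or $_POST.
function find_user_safe(PDO $db, array $request): array
{
    $stmt = $db->prepare("SELECT name FROM users WHERE name = ?");
    $stmt->execute([(string) ($request['name'] ?? '')]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// A flag that never reaches SQL needs no SQL escaping: compare it strictly
// against the one literal the application accepts and ignore anything else.
function wants_logout(array $request): bool
{
    return isset($request['logout']) && $request['logout'] === 'yes';
}

// Constructed request arrays standing in for $_POST and $_GET.
$post = ['name' => "nobody' OR '1'='1"];
$get  = ['logout' => "yes' OR '1'='1"];

echo "unsafe lookup rows: ", count(find_user_unsafe($db, $post)), "\n";
echo "safe lookup rows:   ", count(find_user_safe($db, $post)), "\n";
echo "logout (tampered):  ", var_export(wants_logout($get), true), "\n";
echo "logout (exact yes): ", var_export(wants_logout(['logout' => 'yes']), true), "\n";
```
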