limitphp Posted December 17, 2008 Share Posted December 17, 2008 I run all $_GET data through the mysql_real_escape_string. Is it necessary to run all of the from data ($_POST) through it as well? thanks Link to comment https://forums.phpfreaks.com/topic/137373-solved-do-you-need-to-run-_post-data-through-mysql_real_escape_string/ Share on other sites More sharing options...
rhodesa Posted December 17, 2008 Share Posted December 17, 2008 absolutely YES Link to comment https://forums.phpfreaks.com/topic/137373-solved-do-you-need-to-run-_post-data-through-mysql_real_escape_string/#findComment-717749 Share on other sites More sharing options...
trq Posted December 17, 2008 Share Posted December 17, 2008 If your planning on using it in a database query, yes. Link to comment https://forums.phpfreaks.com/topic/137373-solved-do-you-need-to-run-_post-data-through-mysql_real_escape_string/#findComment-717750 Share on other sites More sharing options...
limitphp Posted December 17, 2008 Author Share Posted December 17, 2008 What about something as simple as index.php?logout=yes And then in my code, all I do is check to see it $logout = "yes" If it does I do stuff, if not I do nothing. $logout is never used in a query. But could they still inject some bad stuff in the querystring? Link to comment https://forums.phpfreaks.com/topic/137373-solved-do-you-need-to-run-_post-data-through-mysql_real_escape_string/#findComment-717755 Share on other sites More sharing options...
rhodesa Posted December 17, 2008 Share Posted December 17, 2008 sorry...should have made that point. when using it in SQL queries, make sure you do. for the simple logout check, you don't need to. Link to comment https://forums.phpfreaks.com/topic/137373-solved-do-you-need-to-run-_post-data-through-mysql_real_escape_string/#findComment-717792 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.