Secure php form



#1 izzy

izzy
  • Members
  • Advanced Member
  • 31 posts

Posted 12 July 2006 - 09:38 AM

How can I stop people from getting to my database by entering PHP/MySQL code into the forms I use on my site?
Think of ...
login field
registration form
search field
etc.

Greetings,
Izzy

#2 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 12 July 2006 - 09:48 AM

You should use a function called mysql_real_escape_string, which will help to prevent SQL injection attacks when dealing with data that gets sent to a database, such as login forms. Also, you should use a function called strip_tags to stop HTML/JavaScript from being entered into your forms too.

Other functions you should use: htmlentities / htmlspecialchars, addslashes.

You should never use raw data that has been inputted by users.
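
Added example, not part of the original thread: the advice above applied to a login field and a search field using PDO prepared statements, which take the place of mysql_real_escape_string (the mysql_* extension was removed in PHP 7), with htmlspecialchars applied at output. The in-memory SQLite database, the `users` table, the sample inputs and the helper names `check_login`, `search_users` and `h` are assumptions made for illustration.

```php
<?php
// Constructed schema and data; in-memory SQLite (pdo_sqlite) so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)');

// Registration: store a password hash, never the password itself.
$ins = $pdo->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
$ins->execute(['izzy', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Login field: form values are bound as parameters, never concatenated
// into the SQL text, so quotes in the input cannot change the query.
function check_login(PDO $pdo, string $name, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn(); // false when no row matched
    return is_string($hash) && password_verify($password, $hash);
}

// Search field: binding stops injection, but % and _ are still LIKE
// wildcards, so escape them to match the term literally.
function search_users(PDO $pdo, string $term): array
{
    $escaped = str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $term);
    $stmt = $pdo->prepare("SELECT name FROM users WHERE name LIKE ? ESCAPE '\\'");
    $stmt->execute(['%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Output: encode for HTML at the point of display, not before storage.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed form submissions: one valid login, one with SQL metacharacters.
$attempts = [
    ['izzy', 'correct horse'],
    ["izzy' OR '1'='1", 'x'],
];
foreach ($attempts as [$name, $pw]) {
    printf("%s => %s\n", h($name), check_login($pdo, $name, $pw) ? 'ok' : 'rejected');
}

// A bare wildcard matches nothing once escaped; a real substring still matches.
printf("search '%%': %d hit(s)\n", count(search_users($pdo, '%')));
printf("search 'zz': %d hit(s)\n", count(search_users($pdo, 'zz')));
echo h('<script>alert(1)</script>'), "\n";
```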

#3 izzy

izzy
  • Members
  • Advanced Member
  • 31 posts

Posted 12 July 2006 - 10:09 AM

I'll check it out.
Thanks for the info.

Greetings,
Izzy



