
protecting forms from user input


tefuzz


I am not currently entering the data from my form into a database; this feature will come later on. It is just an email script right now. However, I would like to make sure I am protected in either case. I have seen multiple examples using mysql_real_escape_string() and strip_tags() and strip_slashes(), but which do I use?

 

I am not allowing HTML input in my form; it is all basic information from small fields (name, address, phone #, email, etc.). There will, however, be a text area for comments. Right now I am validating my fields with no "security", and again, I eventually would like to enter the fields into a DB instead of an email, so I need to be protected from injection. Any info would be great.

https://forums.phpfreaks.com/topic/154812-protecting-forms-from-user-input/

[quote author=jOE :D link=topic=248705.msg1164671#msg1164671 date=1240190038]

You always want to run any doing going into a db through mysql_real_escape_string(), but then there are other methods/functions for sanitizing things like HTML or non-alphanumeric characters.

[/quote]

 

Like I said, my fields are all basic things like name, email, telephone, etc. How about things like zip codes? Just check if it's all numbers and a correct length?
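
An added example, not part of the thread, of the checks discussed above: whitelist validation of the ZIP code and other fields, line-break rejection for values that go into mail headers, and storage through PDO bound parameters rather than mysql_real_escape_string() (the mysql_* functions were removed in PHP 7). The field names, length limits, US ZIP format, in-memory SQLite database and sample input are assumptions.

```php
<?php
declare(strict_types=1);

// Validate the form fields; returns [clean values, error messages].
// Field names, length limits and the US ZIP format are assumptions.
function validate_contact_form(array $in): array
{
    $errors = $clean = [];
    foreach (['name', 'email', 'zip', 'comments'] as $f) {
        $clean[$f] = is_string($in[$f] ?? null) ? trim($in[$f]) : '';
    }
    // Single-line fields must not contain CR/LF: a value placed in a mail
    // header (From, Reply-To, Subject) could otherwise add extra headers.
    foreach (['name', 'email', 'zip'] as $f) {
        if (preg_match('/[\r\n]/', $clean[$f])) {
            $errors[] = "$f: line breaks not allowed";
        }
    }
    if ($clean['name'] === '' || strlen($clean['name']) > 100) {
        $errors[] = 'name: required, max 100 characters';
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: invalid address';
    }
    // \A and \z anchor the whole string; "$" would accept a trailing newline.
    if (!preg_match('/\A\d{5}(-\d{4})?\z/', $clean['zip'])) {
        $errors[] = 'zip: expected 12345 or 12345-6789';
    }
    if (strlen($clean['comments']) > 2000) {
        $errors[] = 'comments: max 2000 characters';
    }
    return [$clean, $errors];
}

// Constructed sample input (not from the thread).
[$clean, $errors] = validate_contact_form([
    'name' => 'Pat Example', 'email' => 'pat@example.com', 'zip' => '12345',
    'comments' => "It's great <b>thanks</b>",
]);
if ($errors === []) {
    // Database: bound parameters keep the data out of the SQL text.
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE contact (name TEXT, email TEXT, zip TEXT, comments TEXT)');
    $stmt = $db->prepare('INSERT INTO contact VALUES (:name, :email, :zip, :comments)');
    $stmt->execute($clean);
    // HTML output: escape when displaying, not when storing.
    echo htmlspecialchars($clean['comments'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

The comment text is stored verbatim, apostrophe and tag included; it is only escaped at the point where it is written into HTML.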
