
Making a TEXT FIELD secure!, how?


bilis_money


Ok, I'm trying to make a search box for my website,
and everything is working fine.

Now, while testing and looking for holes, I noticed that
when I type these: ~, !, @, #, $, %, ^, &, *< (), (, ., *.* etc.,
it produces error messages or displays all the records, etc.

Now I know that it is not intended to work this way, but I think this is one of the holes that a cracker can exploit.

I was thinking this could be solved by using stripslashes() or something related to it? I'm hoping that you can give me advice on how to remove this problem.


Thank you very much in advance.




[quote]
Description
string mysql_escape_string ( string unescaped_string )


This function will escape the unescaped_string, so that it is safe to place it in a mysql_query(). This function is deprecated.

This function is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting.
[/quote]

It pretty much is saying that _real_escape is the newer version...
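
Added example, not part of either post above: escaping a value for an SQL string literal leaves the LIKE wildcards `%` and `_` untouched, which is why a search for `%` can still return every record. This sketch uses PDO prepared statements on an in-memory SQLite database instead of the `mysql_*` functions quoted above; the `articles` table, its rows, and the helpers `escape_like()` and `search_titles()` are hypothetical.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumption: the
// site in the thread uses MySQL; SQLite keeps this example runnable offline).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$insert = $pdo->prepare('INSERT INTO articles (title) VALUES (?)');
foreach (['PHP basics', "O'Reilly book list", '100% cotton shirts', 'Under_score tips'] as $t) {
    $insert->execute([$t]);
}

// Hypothetical helper: escape the LIKE wildcards (% and _) and the escape
// character itself so they match literally instead of acting as patterns.
function escape_like(string $term, string $esc = '!'): string
{
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $term
    );
}

// Hypothetical search helper: the term is bound as a parameter, never
// concatenated into the SQL text, so quotes cannot change the query.
function search_titles(PDO $pdo, string $term): array
{
    $term = trim($term);
    if ($term === '') {
        return [];   // an empty search must not match every row
    }
    $stmt = $pdo->prepare(
        "SELECT title FROM articles WHERE title LIKE :pattern ESCAPE '!'"
    );
    $stmt->execute([':pattern' => '%' . escape_like($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Inputs like the ones tried in the first post, plus one ordinary search.
foreach (['%', "'", "' OR '1'='1", '_', 'php'] as $input) {
    printf("%-14s => %s\n", $input, json_encode(search_titles($pdo, $input)));
}
```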