If you take user inputs and use the functions strip_tags() and addslashes(),...


Kibret

Will it pretty much solve every threat?

*and for database queries, mysql_real_escape_string()

What other functions are there?


Use mysql_real_escape_string() instead. They'll be removing addslashes() from PHP6.

In terms of security, if you want to be on the safe side you can cast your variables as well.

//after fetching the variable $tableID
$tableID = (int)$tableID;

etc
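
The functions discussed in this thread, run side by side on one numeric parameter and one text value. This is an added example, not code from either poster. It assumes PHP with the PDO SQLite driver (the mysql_* functions were removed in PHP 7, so bound parameters stand in for mysql_real_escape_string()); the `posts` table and both input values are constructed.

```php
<?php
// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO posts (title) VALUES ('first'), ('second'), ('third')");

// Constructed request value for a parameter that should be an integer.
$raw = '1 OR 1=1';

// 1. strip_tags() + addslashes(): the value has no tags and no quotes, so both
//    functions return it unchanged and the WHERE clause becomes "id = 1 OR 1=1".
$filtered = addslashes(strip_tags($raw));
$rows = $db->query("SELECT title FROM posts WHERE id = $filtered")
           ->fetchAll(PDO::FETCH_COLUMN);
printf("filtered, concatenated : %d row(s)\n", count($rows));

// 2. The cast from the reply: only the leading digits survive, so the
//    trailing SQL text never reaches the query.
$tableID = (int)$raw;
$rows = $db->query("SELECT title FROM posts WHERE id = $tableID")
           ->fetchAll(PDO::FETCH_COLUMN);
printf("cast to int            : %d row(s)\n", count($rows));

// 3. Validation instead of coercion: a malformed id is rejected outright.
$valid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
printf("filter_var accepts raw : %s\n", $valid === false ? 'no' : 'yes');

// 4. Bound parameters: the value travels separately from the SQL text,
//    so quotes in a string need no manual escaping at all.
$title = "O'Reilly <b>notes</b>";          // constructed user-supplied text
$ins = $db->prepare('INSERT INTO posts (title) VALUES (:title)');
$ins->execute([':title' => $title]);

$sel = $db->prepare('SELECT title FROM posts WHERE id = :id');
$sel->bindValue(':id', (int)$db->lastInsertId(), PDO::PARAM_INT);
$sel->execute();
$stored = $sel->fetchColumn();
printf("stored unchanged       : %s\n", $stored === $title ? 'yes' : 'no');

// 5. Escape for HTML when the value is written to a page, not when it is
//    stored; this keeps the markup visible as text instead of deleting it.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```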

Archived

This topic is now archived and is closed to further replies.
