vijdev Posted May 16, 2010

Can someone please help me with the following. I have gone from zero to all understood to all confused! When to use what, and which is the best method to not get my site hacked with injections, etc.? Should I use more than any one of the below simultaneously, and in what instances?

strip_tags()
htmlentities()
stripslashes()
mysql_real_escape_string()
addslashes()
trim()
htmlspecialchars()
urlencode()
and any other similar working ones()
Zyx Posted May 16, 2010

One of the following:

mysql_real_escape_string()
addslashes()

should be used on inserting the string data into the database. Note that you must watch out for magic quotes, and that it won't protect your data if it is not enclosed within quotes. Another good thing to protect against SQL injection is using PDO and data binding.

One of the following:

htmlspecialchars()
strip_tags()

when you display the data on an HTML page and you don't want the user to use HTML in this particular field. The actual choice depends on what you need. For example, I prefer htmlspecialchars(), which changes special HTML characters into entities so that they act normally. Sometimes the users might want to put them in, but they do not intend to do anything bad, especially injecting HTML. Note that none of these functions protects you against JS injection in attributes.
Daniel0 Posted May 16, 2010

"One of the following: mysql_real_escape_string() addslashes()"

No, you shouldn't use addslashes() when inserting into a database. It isn't sufficient.
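To make the two answers above concrete (escape per output context, and bind rather than escape for the database), here is an added example that is not from the thread. It assumes a hypothetical `comments(author, body)` table in an in-memory SQLite database; the helper names `insertComment`, `h` and `safeHref` are my own.

```php
<?php
// Added example: one helper per context. Names and the table are hypothetical.
declare(strict_types=1);

// Database context: do not escape by hand (no addslashes/mysql_real_escape_string).
// PDO binding keeps the value separate from the SQL text, so quotes cannot
// change the statement, and the data is stored exactly as typed.
function insertComment(PDO $db, string $author, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

// HTML text and quoted-attribute context: turn <, >, &, " and ' into entities
// so the browser renders the input as text instead of markup.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// URL attribute context: entity encoding alone does not stop a javascript: URL,
// so the scheme is checked against an allow-list before the value is encoded.
function safeHref(string $url): string
{
    $parts = parse_url($url);
    $scheme = strtolower($parts['scheme'] ?? '');
    if ($parts === false || !in_array($scheme, ['http', 'https'], true)) {
        return '#';
    }
    return h($url);
}

// Constructed sample input, as a user might submit it.
$author = "O'Brien <script>alert(1)</script>";
$body   = 'see "this" & that';
$link   = 'javascript:alert(1)';

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (author TEXT, body TEXT)');
insertComment($db, $author, $body);   // stored verbatim, no slashes added

$row = $db->query('SELECT author, body FROM comments')->fetch(PDO::FETCH_ASSOC);
echo '<p class="by">' . h($row['author']) . '</p>' . PHP_EOL;
echo '<p>' . h($row['body']) . '</p>' . PHP_EOL;
echo '<a href="' . safeHref($link) . '">link</a>' . PHP_EOL;
```

The same value is encoded only at the point of output, for the context it lands in; nothing is escaped before it reaches the database.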
vijdev (Author) Posted May 16, 2010

I am getting a little idea, but need miles to go...
vijdev (Author) Posted May 17, 2010

still waiting!!!!