Form sanitisation


-Karl-

For MySQL injections simply use mysql_real_escape_string on form data. This will do proper escaping. But you should always validate the data before you insert it. If you expect a URL, do a regex to make sure the URL is a valid URL and not some random set of characters etc.

 

As for the URL sanitizing, it is great to sanitize, but beware of XSS exploits if you are using that URL in some form or another.

Link to comment
https://forums.phpfreaks.com/topic/202411-form-sanitisation/#findComment-1061270
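
The validate, store, then escape-on-output sequence from the post above, as an added example that is not part of the original post. It assumes the `pdo_sqlite` extension, uses `filter_var` with a scheme allow-list in place of a hand-written regex, and uses a PDO prepared statement in place of `mysql_real_escape_string`, because the `mysql_*` extension was removed in PHP 7.0; the function names, table and sample inputs are constructed.

```php
<?php
// Added example: function names, table and sample inputs are constructed.

/** Return the URL if it is well-formed http(s), otherwise null. */
function validate_url(string $input): ?string
{
    $url = trim($input);
    if (strlen($url) > 2048 || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // FILTER_VALIDATE_URL does not restrict the scheme, so allow-list it here.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Escape a value for an HTML attribute or text node at output time. */
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// In-memory SQLite keeps the example offline (assumption: pdo_sqlite is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, url TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO links (url) VALUES (:url)');

// Constructed form submissions.
$submissions = [
    'https://example.com/page?id=1',
    'https://example.com/?q="><b>bold</b>', // HTML metacharacters: escaped on output either way
    'ftp://example.com/file.txt',           // well-formed, but not an expected scheme
    "random' OR '1'='1",                    // not a URL at all
];

foreach ($submissions as $raw) {
    $url = validate_url($raw);
    if ($url === null) {
        echo 'rejected: ', html($raw), PHP_EOL;
        continue;
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $insert->execute([':url' => $url]);
}

foreach ($db->query('SELECT url FROM links') as $row) {
    // Escape on the way out, even though the value was validated on the way in.
    echo '<a href="', html($row['url']), '">', html($row['url']), '</a>', PHP_EOL;
}
```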
Archived

This topic is now archived and is closed to further replies.
