-Karl- Posted May 20, 2010

I have my form and I have a function called sanitize, strips tags, strips slashes, etc. Anyway, I can't use that function on a field which needs a URL being input. What would be the best method to protect from MySQL injections, Regex?

Jiin Posted May 20, 2010

Perhaps an escape HTML characters regex? Ensure the HTML characters are escaped appropriately for your database.

premiso Posted May 20, 2010

For MySQL injections simply use mysql_real_escape_string on form data. This will do proper escaping. But you should always validate the data before you insert it. If you expect a URL, do a regex to make sure the URL is a valid URL and not some random set of characters etc. As for the URL sanitizing, it is great to sanitize, but beware of XSS exploits if you are using that URL in some form or another.
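
The three steps discussed in this thread (validate the URL, store it safely, escape it on output), as an added example that is not code from any poster. It uses PDO bound parameters in place of mysql_real_escape_string, which was removed in PHP 7.0, and `filter_var` plus a scheme allow-list in place of a hand-written regex. The function names, the `links` table and the sample URLs are hypothetical, and the database is in-memory SQLite so the script runs offline.

```php
<?php
// Added example: function names and the `links` table are hypothetical,
// and the URLs in $samples are constructed sample input.

// Validate: the string must parse as a URL AND use an allow-listed scheme.
function validate_url(string $input): ?string
{
    $url = trim($input);
    if (strlen($url) > 2048 || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Store: a bound parameter keeps the value out of the SQL text entirely.
function store_url(PDO $db, string $url): void
{
    $stmt = $db->prepare('INSERT INTO links (url) VALUES (:url)');
    $stmt->execute([':url' => $url]);
}

// Output: escape for the HTML context at the point of use.
function render_link(string $url): string
{
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '" rel="noopener noreferrer">' . $safe . '</a>';
}

// SQLite in memory so this runs offline; with MySQL only the DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, url TEXT NOT NULL)');

$samples = [
    "https://example.com/page?a=1&b=2",
    "https://example.com/?q=it's",          // the quote is stored as data
    "javascript://example.com/%0Aalert(1)", // non-http(s) scheme: rejected
    "not a url",                            // fails URL validation
];
foreach ($samples as $raw) {
    $url = validate_url($raw);
    if ($url !== null) {
        store_url($db, $url);
    }
}
foreach ($db->query('SELECT url FROM links') as $row) {
    echo render_link($row['url']), PHP_EOL;
}
```

Only the two https URLs are stored, and the `&` and `'` in them are entity-encoded when the links are rendered.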