SharkBait Posted September 11, 2006

Hi,

When using PHP with MySQL what are some good rules for processing $_GET variables? Should each $_GET[] have a mysql_real_escape_string() thrown around it to help with possible injections? What are your recommendations without using a 3rd party class?

obsidian Posted September 11, 2006

as far as the first one, it really depends on the type of input field, but as a general rule, every user input should at the very least get escaped with addslashes() or mysql_real_escape_string() before being inserted. you should probably run strip_tags() and some other checks on it as well. it's usually a good practice to write up a function or even a class to give you more control and simply pass your $_POST through it on each submit.

SharkBait Posted September 11, 2006

I'll look into doing a function/class for this. Thanks obsidian

Archived
This topic is now archived and is closed to further replies.
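
One way to write the input-handling function suggested in obsidian's reply, as an added example that is not code from the thread: it checks each `$_GET` value against the type the query expects and, in place of `mysql_real_escape_string()` (the `mysql_*` functions were removed in PHP 7.0), hands values to the built-in `mysqli` extension as bound parameters. The names `read_input()` and `find_posts()`, the `posts` table and the field names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Table, columns and field names are hypothetical.
// Check each request value against the type the query expects; throw on anything else.
function read_input(array $source, array $spec): array
{
    $clean = [];
    foreach ($spec as $name => $rule) {
        $raw = $source[$name] ?? null;
        if (!is_string($raw)) {            // missing, or an array such as ?author[]=1
            throw new InvalidArgumentException("missing or malformed field: $name");
        }
        if ($rule['type'] === 'int') {
            $value = filter_var($raw, FILTER_VALIDATE_INT,
                ['options' => ['min_range' => $rule['min'], 'max_range' => $rule['max']]]);
            $ok = ($value !== false);
        } elseif ($rule['type'] === 'enum') {   // identifiers cannot be bound, so allowlist them
            $value = $raw;
            $ok = in_array($raw, $rule['allowed'], true);
        } else {                                // 'text': length check only, bound as a parameter later
            $value = $raw;
            $ok = strlen($raw) <= $rule['max_len'];
        }
        if (!$ok) {
            throw new InvalidArgumentException("rejected value for field: $name");
        }
        $clean[$name] = $value;
    }
    return $clean;
}

// Values travel as bound parameters; only the allowlisted column name is interpolated.
function find_posts(mysqli $db, array $in): array
{
    $stmt = $db->prepare(
        "SELECT id, title FROM posts WHERE author_id = ? AND title = ? ORDER BY {$in['sort']}");
    $stmt->bind_param('is', $in['author'], $in['title']);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Constructed request data standing in for $_GET.
$get  = ['author' => '42', 'title' => "O'Brien's notes", 'sort' => 'created_at'];
$spec = [
    'author' => ['type' => 'int', 'min' => 1, 'max' => 2147483647],
    'title'  => ['type' => 'text', 'max_len' => 200],
    'sort'   => ['type' => 'enum', 'allowed' => ['title', 'created_at']],
];
var_dump(read_input($get, $spec));   // pass the result to find_posts($db, ...) with a live mysqli connection
```

The integer check matters because escaping alone does nothing for a value placed in a query without quotes, and the allowlist covers column names, which can be neither escaped nor bound.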