

This topic is now archived and is closed to further replies.


MySQL + PHP Best Practices.



When using PHP with MySQL what are some good rules for processing $_GET variables?

Should each $_GET[] have a mysql_real_escape_string() thrown around it to help with possible injections?

What are your recommendations without using a 3rd party class?

as far as the first one, it really depends on the type of input field, but as a general rule, every user input should at the very least get escaped with addslashes() or mysql_real_escape_string() before being inserted. you should probably run strip_tags() and some other checks on it as well. it's usually a good practice to write up a function or even a class to give you more control and simply pass your $_POST through it on each submit.

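An added example, not part of either post above: it compares wrapping a `$_GET` value in an escaping call with validating its type and binding it through PDO, which ships with PHP and is not a third-party class. Assumptions: the `users` table, the sample inputs and the function names `findEscaped` and `findBound` are constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption); for MySQL use a
// "mysql:host=...;dbname=...;charset=utf8mb4" DSN and set PDO::ATTR_EMULATE_PREPARES => false.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed sample inputs, standing in for $_GET['id'].
$samples = ['2', '2 OR 1=1', "2'", ''];

// Escaping only: "2 OR 1=1" contains no character that addslashes() touches,
// so in an unquoted numeric context it reaches the database as SQL.
function findEscaped(PDO $pdo, string $id): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . addslashes($id);
    try {
        return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return ['SQL error'];
    }
}

// Validate the expected type first, then bind the value as a parameter so it
// is sent as data and never concatenated into the statement text.
function findBound(PDO $pdo, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($int === false) {
        return ['rejected'];
    }
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach ($samples as $raw) {
    printf("%-12s escaped: %-18s bound: %s\n",
        var_export($raw, true),
        implode(',', findEscaped($pdo, $raw)),
        implode(',', findBound($pdo, $raw)));
}
```

strip_tags() addresses HTML output rather than SQL, so it belongs where the value is echoed into a page, not in the query path.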

