Archived

This topic is now archived and is closed to further replies.

SharkBait

MySQL + PHP Best Practices.

Hi,

When using PHP with MySQL what are some good rules for processing $_GET variables?

Should each $_GET[] have a mysql_real_escape_string() thrown around it to help with possible injections?

What are your recommendations without using a 3rd party class?

as far as the first one, it really depends on the type of input field, but as a general rule, every user input should at the very least get escaped with addslashes() or mysql_real_escape_string() before being inserted. you should probably run strip_tags() and some other checks on it as well. it's usually a good practice to write up a function or even a class to give you more control and simply pass your $_POST through it on each submit.
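
An added example, not part of either post above: a sketch of the "depends on the type of input field" point, showing why an escaping call alone does not protect a numeric parameter and how a per-type check closes that gap. The helper `clean_param()`, the `users` table and the sample request values are hypothetical, constructed for illustration.

```php
<?php
// Constructed sample request; stands in for $_GET so the script runs from the CLI.
$get = ['id' => '1 OR 1=1', 'name' => "O'Brien"];

// Hypothetical helper: validate one request value against the type the query expects.
// Returns the cleaned value, or null when the value is missing or malformed.
function clean_param(array $src, string $key, string $type)
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null; // missing, or an array such as ?id[]=1
    }
    switch ($type) {
        case 'int':
            $v = filter_var($src[$key], FILTER_VALIDATE_INT,
                            ['options' => ['min_range' => 1]]);
            return $v === false ? null : $v;
        case 'name':
            // Letters, space, apostrophe, dot and hyphen only, 1 to 64 characters.
            return preg_match('/\A[\p{L} \'.-]{1,64}\z/u', $src[$key])
                ? $src[$key] : null;
        default:
            throw new InvalidArgumentException("unknown type: $type");
    }
}

// Escaping alone: the value contains no quote characters, so addslashes()
// returns it unchanged, and in an unquoted numeric context it alters the WHERE clause.
echo 'escaped only : SELECT * FROM users WHERE id = ' . addslashes($get['id']) . "\n";

// Type check first: anything that is not a positive integer is rejected outright.
$id = clean_param($get, 'id', 'int');
echo $id === null
    ? "type checked : id rejected, no query built\n"
    : "type checked : SELECT * FROM users WHERE id = $id\n";

// String values are validated and then still escaped and quoted.
// addslashes() is used here only so the script runs without a database link;
// with a live connection, use connection-aware escaping or a prepared statement.
$name = clean_param($get, 'name', 'name');
if ($name !== null) {
    echo "string value : SELECT * FROM users WHERE name = '"
        . addslashes($name) . "'\n";
}
```

Run it with `php example.php`; it only prints the query strings and never connects to a database.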
