
PHP Security


c_pattle


I have just made a couple of forms that submit data to a mysql database. I was wondering what measures I need to take in order to keep the whole thing very secure. At the moment I have stripped the inputs of tags and forward slashes. Is there anything else I should do?

Also some field in the form allow the user to enter a url.  With these fields I have not stripped them of forward slashes.  Is this a bad idea?  Should I do something like replace the forward slashes with something else and then reverse this process every time I extract that data from the database?

https://forums.phpfreaks.com/topic/216026-php-security/

You can never be too safe with stripping stuff out of data submitted to a database. I've personally never built an application that handled URLs, but I might suggest using str_replace to replace all the / in urls with a '-', then use the same str_replace function when you output the data to replace the '-'s with /. I hope that makes sense.


Replacing slashes is pointless, and very likely to cause problems when retrieved. If you use the proper escape function before inserting them, you'll be fine. For string type data, it will be mysql_real_escape_string() (or mysqli_real_escape_string(), if you use the improved extensions). For numeric data types, they should be validated and cast as the appropriate type, be it integer, float, decimal, etc.


Of course it is. Databases would be pretty useless if you couldn't store a full character set in them. The fact that a character is in a database doesn't make it a vulnerability. It's the actual process of how it's inserted or displayed that can present a problem.

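The two replies above make one point between them: validate and cast numeric fields, escape string fields at insert time (mysqli_real_escape_string, or a prepared statement that removes the need for escaping), and escape again at display time, rather than mangling slashes. The following is an added example written for this thread, not code posted by anyone in it. It assumes a hypothetical table `links` with columns `title`, `url` and `priority`, and a mysqli connection `$db`; the validation and rendering functions run without a database, the two insert functions need a live connection.

```php
<?php
// Added example (not from the thread). Assumes a table `links`
// (title VARCHAR, url VARCHAR, priority INT) and a mysqli connection $db.

declare(strict_types=1);

// Validate a URL field. Slashes are kept as they are: storing a character is not
// the risk, how the value is inserted and displayed is. Only http/https are
// accepted so that a "javascript:" scheme can never be rendered into a link.
function validateUrl(string $input): ?string
{
    $url = trim($input);
    if ($url === '' || strlen($url) > 2048) {
        return null;
    }
    $valid = filter_var($url, FILTER_VALIDATE_URL);
    if ($valid === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($valid, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $valid : null;
}

// Numeric fields are validated and cast to the right type, not escaped.
function validatePriority(string $input): ?int
{
    $value = filter_var($input, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 1000],
    ]);
    return $value === false ? null : $value;
}

function validateTitle(string $input): ?string
{
    $title = trim($input);
    return ($title !== '' && strlen($title) <= 200) ? $title : null;
}

// Insert with a prepared statement: the values never become part of the SQL
// text, so no escaping of the data is required.
function insertLink(mysqli $db, string $title, string $url, int $priority): bool
{
    $stmt = $db->prepare('INSERT INTO links (title, url, priority) VALUES (?, ?, ?)');
    $stmt->bind_param('ssi', $title, $url, $priority);
    return $stmt->execute();
}

// The escaping approach described in the reply, for code that still builds the
// query as a string: strings go through real_escape_string, the integer is
// already cast and is printed with %d.
function insertLinkEscaped(mysqli $db, string $title, string $url, int $priority): bool
{
    $sql = sprintf(
        "INSERT INTO links (title, url, priority) VALUES ('%s', '%s', %d)",
        $db->real_escape_string($title),
        $db->real_escape_string($url),
        $priority
    );
    return $db->query($sql) === true;
}

// Display-time escaping is a separate step from database escaping: the stored
// value is untouched, the HTML context is protected when the value is printed.
function renderLink(string $title, string $url): string
{
    return sprintf(
        '<a href="%s">%s</a>',
        htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($title, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed sample submission, shaped like $_POST from the form.
$post = [
    'title'    => "Bob's <b>site</b>",
    'url'      => 'https://example.com/a/b?x=1',
    'priority' => '7',
];

$title    = validateTitle($post['title']);
$url      = validateUrl($post['url']);
$priority = validatePriority($post['priority']);

if ($title === null || $url === null || $priority === null) {
    echo "Rejected input\n";
    exit(1);
}

// With a live connection:
// $db = new mysqli('localhost', 'user', 'pass', 'app');
// insertLink($db, $title, $url, $priority);

echo renderLink($title, $url), "\n";
```

Run with `php example.php`: the sample title keeps its apostrophe and tags in the database and is neutralised only when rendered, and the URL's slashes are stored exactly as submitted. Any value that fails validation is rejected before it reaches either insert function.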
