runthis Posted October 23, 2010

What is the best way to sanitize a user input?
What covers it all without leaving the text with slashes?
Do I just need to escape my variables, or do I need to sanitize my queries as well?
What's the whole kitten kaboodle, anyone?

Pikachu2000 Posted October 23, 2010

It depends on the type of data, and what you're going to do with it.

runthis Posted October 23, 2010

OK, fair enough. I'm not the best coder, but this is how I would do something offhand:

    <?php
    $get = $_GET['var'];
    // The value from the URL goes into the query as-is
    mysql_query("UPDATE thing SET field='$get' WHERE id='1'");
    ?>

What would be the proper way to sanitize that?

.josh Posted October 23, 2010

As Pikachu has already mentioned, the proper way depends on what the expected value is. Is the value supposed to be a number? Range? A string? Some particular length or format? The first step in sanitizing input is figuring out what value/format you expect in the first place.

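One way to apply the advice in this thread to the UPDATE from the earlier post, as an added example that is not code from any poster: check the input against the expected type first, then hand it to the database as a bound parameter through a PDO prepared statement. The table and column names come from the post; the validation rules, the helper names and the in-memory SQLite database are assumptions for illustration.

```php
<?php
// Added example. `thing`, `field`, `id` come from the post; the rules below
// (integer 1..100, string of at most 50 bytes) are assumed for illustration.

// Step 1: decide what the value should be and reject everything else.
function expect_int_in_range($raw, int $min, int $max): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? null : $value;
}

function expect_short_string($raw, int $maxBytes): ?string
{
    if (!is_string($raw)) {   // e.g. ?var[]=x arrives as an array
        return null;
    }
    $raw = trim($raw);
    return ($raw === '' || strlen($raw) > $maxBytes) ? null : $raw;
}

// Step 2: pass the value as a bound parameter, so the database never parses
// it as SQL and it is stored exactly as typed, with no added slashes.
function update_field(PDO $db, int $id, string $value): int
{
    $stmt = $db->prepare('UPDATE thing SET field = :value WHERE id = :id');
    $stmt->execute([':value' => $value, ':id' => $id]);
    return $stmt->rowCount();
}

// Demo on an in-memory SQLite database with constructed sample inputs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE thing (id INTEGER PRIMARY KEY, field TEXT)");
$db->exec("INSERT INTO thing (id, field) VALUES (1, 'old')");

$samples = ["O'Reilly", 'a "quoted" value', ['not', 'a string'], str_repeat('a', 51)];
foreach ($samples as $raw) {
    $value = expect_short_string($raw, 50);
    if ($value === null) {
        echo "rejected: " . json_encode($raw) . "\n";
        continue;
    }
    update_field($db, 1, $value);
    $stored = $db->query('SELECT field FROM thing WHERE id = 1')->fetchColumn();
    echo "stored:   " . $stored . "\n";
}
var_dump(expect_int_in_range('42', 1, 100), expect_int_in_range('42abc', 1, 100));
```

The quoted samples come back from the database unchanged, while the array and the over-long string are rejected before any query runs.
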
Archived
This topic is now archived and is closed to further replies.