runthis Posted October 23, 2010

What is the best way to sanitize a user input? What covers it all without leaving the text with slashes? Do I just need to escape my variables, or do I need to sanitize my queries as well? What's the whole kitten kaboodle, anyone?

Pikachu2000 Posted October 23, 2010

It depends on the type of data, and what you're going to do with it.

runthis Posted October 23, 2010

OK, fair enough. I'm not the best coder, but this is how I would do something offhand:

    <?php
    $get = $_GET['var'];
    // The request value goes into the query text as-is, with no sanitizing
    mysql_query("UPDATE thing SET field='$get' WHERE id='1'");
    ?>

What would be the proper way to sanitize that?

.josh Posted October 23, 2010

As Pikachu has already mentioned, the proper way depends on what the expected value is. Is the value supposed to be a number? Range? A string? Some particular length or format? The first step in sanitizing input is figuring out what value/format you expect in the first place.
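
An added example, not part of any post in this thread: it checks input against the expected value (integer in a range, string of a given length and format) as the replies describe, and then, as an addition the replies do not mention, passes the value to the UPDATE through a placeholder so no escaping or slashes are involved. It assumes PDO with an in-memory SQLite table standing in for the thread's `thing` table; the helper names, the name-like format rule for `field`, and reading `id` from the request are hypothetical.

```php
<?php
// Added example, not code from the thread. Helper names and the rules for
// what `id` and `field` may contain are assumptions for illustration.

// Expected value: an integer within a range. Anything else yields null.
function expect_int($raw, int $min, int $max): ?int {
    $v = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// Expected value: a string of bounded length in a known format, else null.
function expect_string($raw, int $maxLen, string $pattern): ?string {
    if (!is_string($raw) || strlen($raw) > $maxLen || preg_match($pattern, $raw) !== 1) {
        return null;
    }
    return $raw;
}

// The thread's UPDATE with placeholders: values are sent separately from the
// SQL text, so nothing is escaped and no slashes end up in the stored data.
function update_field(PDO $db, int $id, string $value): int {
    $stmt = $db->prepare('UPDATE thing SET field = :value WHERE id = :id');
    $stmt->execute([':value' => $value, ':id' => $id]);
    return $stmt->rowCount();
}

// Constructed demo table: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE thing (id INTEGER PRIMARY KEY, field TEXT)");
$db->exec("INSERT INTO thing (id, field) VALUES (1, 'old')");

// Constructed inputs standing in for $_GET['id'] and $_GET['var'].
$samples = [
    ['id' => '1',   'var' => "O'Reilly"],  // passes; the apostrophe is plain data
    ['id' => 'abc', 'var' => 'hello'],     // id is not an integer
    ['id' => '1',   'var' => 'tab<b>le'],  // characters outside the format
];
foreach ($samples as $in) {
    $id    = expect_int($in['id'], 1, PHP_INT_MAX);
    $value = expect_string($in['var'], 40, '/\A[A-Za-z \'-]+\z/');
    if ($id === null || $value === null) {
        echo 'rejected: ', json_encode($in), "\n";
        continue;
    }
    echo 'rows updated: ', update_field($db, $id, $value), "\n";
}
echo 'stored: ', $db->query('SELECT field FROM thing WHERE id = 1')->fetchColumn(), "\n";
```

The pattern is anchored with `\A` and `\z` rather than `^` and `$` so a trailing newline cannot slip past the format check.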