Miss-Ruth Posted December 8, 2010

I'm using the following filters to prevent email injection. Is this sufficient to prevent an injection/hijacking? or am I missing something?

```php
$email = $_POST['email'];
$email = strip_tags($email);
$email = htmlentities($email);
$email = utf8_decode($email);
$email = stripslashes($email);
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
```

I really appreciate your feedback.

fenway Posted December 8, 2010

Removing tags, HTML entities, UTF-8 characters, slashes and non-email characters won't help you if you haven't escaped SQL metacharacters.

Miss-Ruth (Author) Posted December 9, 2010

Is that "preg_match()"?

fenway Posted December 9, 2010

> is that "preg_match()"?

Nope -- that's just a regex call.

Miss-Ruth (Author) Posted December 10, 2010

> Nope -- that's just a regex call.

Well... what's the function you are referring to?

fenway Posted December 10, 2010

Usually the DB interface class exposes some sort of quote() function... depends on how you're connecting.

Miss-Ruth (Author) Posted December 10, 2010

Interesting. Please tell me what you mean by "depends on how you're connecting".

fenway Posted December 10, 2010

I mean it depends which DB class you're using.

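
The point made in the replies above, as an added example that is not code from any poster in this thread: an address can pass FILTER_VALIDATE_EMAIL and still contain a SQL metacharacter, so validation does not replace quoting or parameter binding. The choice of PDO with an in-memory SQLite database, the `subscribers` table and the sample address are assumptions, since the thread never says which DB class is in use.

```php
<?php
// Added example. PDO + in-memory SQLite and the "subscribers" table are
// assumptions made for illustration; the thread does not name a DB class.

// Constructed sample input: a syntactically valid address with an apostrophe.
$raw = "o'brien@example.com";

// filter_var() stands in for the thread's filter_input(INPUT_POST, ...) so the
// script runs from the CLI; both apply the same FILTER_VALIDATE_EMAIL check.
// Note that in the original snippet this last assignment re-reads the raw POST
// value, so the earlier strip_tags()/htmlentities()/... results are discarded.
$email = filter_var($raw, FILTER_VALIDATE_EMAIL);
if ($email === false) {
    exit("address rejected by FILTER_VALIDATE_EMAIL\n");
}
echo "validated: $email\n";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (email TEXT NOT NULL)');

// 1) Validated but unescaped: the apostrophe closes the SQL string literal
//    early, so the statement no longer means what the developer wrote.
try {
    $db->exec("INSERT INTO subscribers (email) VALUES ('$email')");
    echo "unescaped insert: accepted\n";
} catch (PDOException $e) {
    echo "unescaped insert failed: ", $e->getMessage(), "\n";
}

// 2) The DB class's quote() function: escapes metacharacters and adds the
//    surrounding quotes for this specific driver.
$quoted = $db->quote($email);
echo "quoted literal: $quoted\n";
$db->exec("INSERT INTO subscribers (email) VALUES ($quoted)");

// 3) Prepared statement: the value is bound as data and never parsed as SQL.
$stmt = $db->prepare('INSERT INTO subscribers (email) VALUES (:email)');
$stmt->execute([':email' => $email]);

// Both safe inserts stored the address unchanged.
foreach ($db->query('SELECT rowid, email FROM subscribers') as $row) {
    echo "row {$row['rowid']}: {$row['email']}\n";
}
```
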
This topic is now archived and is closed to further replies.