purencool Posted January 12, 2011 Share Posted January 12, 2011 I am creating a install script for a database. I have got to the point where I can't preg_match the following variables hostname, user, password, and database because the user decides these outside the application. but how do I protect the app? Link to comment https://forums.phpfreaks.com/topic/224138-database-authentication-regex/ Share on other sites More sharing options...
Pikachu2000 Posted January 12, 2011 Share Posted January 12, 2011 Protect it from what? SQL injection or . . . ? Link to comment https://forums.phpfreaks.com/topic/224138-database-authentication-regex/#findComment-1158181 Share on other sites More sharing options...
purencool Posted January 12, 2011 Author Share Posted January 12, 2011 sorry sql injection yes you were right Link to comment https://forums.phpfreaks.com/topic/224138-database-authentication-regex/#findComment-1158185 Share on other sites More sharing options...
Pikachu2000 Posted January 13, 2011 Share Posted January 13, 2011 In that case, all submitted values should be validated (sounds like you're using regex for that). Data should be sanitized before being used in a query string by casting numeric data to the correct type, and escaping string type data with, for example, mysql_real_escape_string. Link to comment https://forums.phpfreaks.com/topic/224138-database-authentication-regex/#findComment-1158678 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.