giraffemedia
Posted January 25, 2011

Hi,

I'm putting together a database that once logged in, a user is able to insert, update and delete records via html forms. The login is secured using mysql_real_escape_string, but I'm wondering should I do the same for all form elements that pass data to the db? There are a wide range of inputs, from numeric, alphanumeric, dates and more.

I'd appreciate your feedback.

Regards,
James

blew
Posted January 25, 2011

Use PDO, you're never gonna have a problem with security in your db.

BlueSkyIS
Posted January 25, 2011

You should use mysql_real_escape_string and/or filters for every field that is input from an external user/source.

http://php.net/manual/en/book.filter.php

lazylodr
Posted January 25, 2011

> Use PDO, you're never gonna have a problem with security in your db.

More specifically, prepared statements and parameter binding will help.

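The prepared-statement and filter suggestions from the replies above, combined for an insert, update and delete with numeric, text and date inputs. This is an added example, not code from any poster in the thread; the table, column and form field names are hypothetical, and it assumes the pdo_sqlite extension so it can run offline against an in-memory database.

```php
<?php
// Added example. In-memory SQLite keeps it self-contained; for MySQL use a DSN
// such as 'mysql:host=...;dbname=...;charset=utf8mb4' and also set
// PDO::ATTR_EMULATE_PREPARES => false so the server does the binding.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, name TEXT, qty INTEGER, due TEXT)');

// Constructed form input standing in for $_POST (hypothetical field names).
$form = [
    'name' => "O'Brien'); DROP TABLE records;--",
    'qty'  => '12',
    'due'  => '2011-01-25',
];

// Validate typed fields first: reject bad values instead of trying to clean them.
$qty = filter_var($form['qty'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
$due = DateTime::createFromFormat('!Y-m-d', $form['due']);
// The round-trip comparison rejects dates such as 2011-02-30 that would roll over.
if ($qty === false || $due === false || $due->format('Y-m-d') !== $form['due']) {
    exit("Invalid input\n");
}

// INSERT: every value travels as a bound parameter, never as part of the SQL text.
$ins = $pdo->prepare('INSERT INTO records (name, qty, due) VALUES (:name, :qty, :due)');
$ins->bindValue(':name', $form['name'], PDO::PARAM_STR);
$ins->bindValue(':qty', $qty, PDO::PARAM_INT);
$ins->bindValue(':due', $due->format('Y-m-d'), PDO::PARAM_STR);
$ins->execute();
$id = (int) $pdo->lastInsertId();

// UPDATE: the same pattern, with the values passed as an array to execute().
$upd = $pdo->prepare('UPDATE records SET qty = :qty WHERE id = :id');
$upd->execute([':qty' => $qty + 1, ':id' => $id]);

// Read the row back and compare the stored name with the submitted string.
$sel = $pdo->prepare('SELECT name, qty, due FROM records WHERE id = :id');
$sel->execute([':id' => $id]);
$row = $sel->fetch(PDO::FETCH_ASSOC);
var_dump($row['name'] === $form['name'], (int) $row['qty']);

// DELETE: bound id, then confirm the table itself still exists.
$del = $pdo->prepare('DELETE FROM records WHERE id = :id');
$del->execute([':id' => $id]);
var_dump((int) $pdo->query('SELECT COUNT(*) FROM records')->fetchColumn());
```

Placeholders bind values only; table and column names cannot be bound, so if those vary they should come from a fixed allow-list in the code rather than from the form.
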
Archived
This topic is now archived and is closed to further replies.