giraffemedia
Posted January 25, 2011

Hi,

I'm putting together a database that once logged in, a user is able to insert, update and delete records via HTML forms. The login is secured using mysql_real_escape_string, but I'm wondering should I do the same for all form elements that pass data to the db? There are a wide range of inputs, from numeric, alphanumeric, dates and more.

I'd appreciate your feedback.

Regards,
James

blew
Posted January 25, 2011

Use PDO, you're never gonna have a problem with security in your db.

BlueSkyIS
Posted January 25, 2011

You should use mysql_real_escape_string and/or filters for every field that is input from an external user/source.

http://php.net/manual/en/book.filter.php

lazylodr
Posted January 25, 2011

> Use PDO, you're never gonna have a problem with security in your db.

More specifically, prepared statements and parameter binding will help.

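The advice in the replies above (check each field by type with the filter extension, then send it through a PDO prepared statement with bound parameters) shown as an added example; it is not code posted by anyone in the thread. The `records` table, its columns, the helper function names and the in-memory SQLite DSN are assumptions chosen so the script runs offline.

```php
<?php
// Added example: table, columns and field names are hypothetical.
// In-memory SQLite keeps it self-contained; for MySQL only the DSN changes
// (and PDO::ATTR_EMULATE_PREPARES is usually set to false there).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, title TEXT, qty INTEGER, due TEXT)');

// Validate every field by its type; returns clean values, or null if any field fails.
function clean_record(array $in): ?array
{
    $qty   = filter_var($in['qty'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    $title = trim((string)($in['title'] ?? ''));
    $due   = DateTime::createFromFormat('!Y-m-d', (string)($in['due'] ?? ''));
    // Round-trip check rejects dates PHP would silently roll over (e.g. Feb 31).
    $dueOk = $due && $due->format('Y-m-d') === $in['due'];
    if ($qty === false || $title === '' || strlen($title) > 100 || !$dueOk) {
        return null;
    }
    return ['title' => $title, 'qty' => $qty, 'due' => $due->format('Y-m-d')];
}

// The SQL text is fixed; user data only ever travels as bound parameters.
function insert_record(PDO $pdo, array $in): bool
{
    $rec = clean_record($in);
    if ($rec === null) {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO records (title, qty, due) VALUES (:title, :qty, :due)');
    $stmt->bindValue(':title', $rec['title'], PDO::PARAM_STR);
    $stmt->bindValue(':qty', $rec['qty'], PDO::PARAM_INT);
    $stmt->bindValue(':due', $rec['due'], PDO::PARAM_STR);
    return $stmt->execute();
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['title' => "O'Brien's order", 'qty' => '3', 'due' => '2011-02-01'],
    ['title' => "x'); DROP TABLE records; --", 'qty' => '1', 'due' => '2011-02-01'],
    ['title' => 'bad qty', 'qty' => '1 OR 1=1', 'due' => '2011-02-01'],
    ['title' => 'bad date', 'qty' => '2', 'due' => '2011-02-31'],
];
foreach ($samples as $s) {
    echo insert_record($pdo, $s) ? 'stored:   ' : 'rejected: ', $s['title'], "\n";
}
echo $pdo->query('SELECT COUNT(*) FROM records')->fetchColumn(), " rows in table\n";
```

The first two submissions are stored as literal text, quotes included, and the table is left intact; the non-integer quantity and the impossible date are rejected before any query runs.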