cloudll Posted October 9, 2011: I have never looked into sanitizing before. Is using htmlentities() good enough to protect against SQL injection? Thanks. (https://forums.phpfreaks.com/topic/248747-is-using-htmlentities-to-sanitize-_posts-adequate-protection/)
awjudd Posted October 9, 2011: You shouldn't be using htmlentities to prevent SQL injection. There are other functions to do that for you (i.e. mysql_real_escape_string) or, better yet, use database parameters. ~juddster
cloudll Posted October 9, 2011 (Author): Ah ok, the only reason I was thinking about htmlentities is because wouldn't it allow me to see what someone was attempting to do, if they did try any injection? Would I use it like this: $statement->execute(array mysql_real_escape_string($sector), mysql_real_escape_string ($battle,$id)); or am I supposed to use it like this? $name = mysql_real_escape_string($_POST['admin_name']);
awjudd Posted October 9, 2011: If you are using database parameters for your query there is no need to escape them. Or, if you aren't, you would do something like what you have at the bottom. ~juddster
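The advice above, worked through as an added example that is not code from either poster. It uses PDO with an in-memory SQLite database so it runs stand-alone; the table, the findAdmin()/findAdminUnsafe() names and the sample input standing in for $_POST['admin_name'] are all assumptions made for the illustration. It shows that a bound parameter needs no mysql_real_escape_string() or htmlentities() at all, that pasting the same value into the SQL text breaks the query (the defect escaping was meant to patch), and that htmlentities() belongs at output time when the stored value is echoed into HTML.

```php
<?php
// Added example, not from the thread: parameterized queries versus string building.
// Assumes PHP with the pdo_sqlite extension; the schema and rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, admin_name TEXT NOT NULL)');
$pdo->exec("INSERT INTO admins (admin_name) VALUES ('alice'), ('bob')");

// Constructed input standing in for $_POST['admin_name']. The apostrophe is ordinary
// user data (a surname), but it is exactly what a concatenated query trips over.
$input = "o'brien";

// Safe: the value is bound to :name and sent separately from the SQL text, so the
// database never parses it as SQL. No escaping function is applied, and none should be;
// escaping a bound value would store a literal backslash.
function findAdmin(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, admin_name FROM admins WHERE admin_name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Vulnerable pattern, kept for comparison only: the value is interpolated into the query
// string, so any quote in it changes the SQL the database sees.
function findAdminUnsafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->query("SELECT id, admin_name FROM admins WHERE admin_name = '$name'");
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: one row for 'alice', zero rows (and no error) for "o'brien".
var_dump(findAdmin($pdo, 'alice'));
var_dump(findAdmin($pdo, $input));

// Interpolated value: the apostrophe ends the string literal early and the query fails.
try {
    findAdminUnsafe($pdo, $input);
} catch (PDOException $e) {
    echo "unsafe query failed: " . $e->getMessage() . "\n";
}

// htmlentities() is an output encoder for HTML, not an SQL defence: apply it here, when
// rendering, and keep the raw value in the database.
foreach (findAdmin($pdo, 'alice') as $row) {
    echo '<li>' . htmlentities($row['admin_name'], ENT_QUOTES, 'UTF-8') . "</li>\n";
}
```

Because the safe lookup returns no rows rather than an error for the quoted input, nothing about the attempt is lost either: log the raw request value at the application layer if you want to review what was submitted.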