

securing $_get, $_post


#1 localhost


Posted 28 October 2006 - 03:59 PM

I want to secure these two as best as possible. For $_POST I am using htmlspecialchars and trim. I want to refrain from using addslashes/stripslashes.
What else should I use?

#2 .josh


Posted 28 October 2006 - 04:02 PM

I know you said you wanted to refrain from using add/stripslashes, but this is what I use, and it's been okay thus far:
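function clean_var($value){
   // Undo magic_quotes_gpc escaping so the value is not escaped twice
   if (get_magic_quotes_gpc()) { $value = stripslashes($value); }
   // Escape non-numeric values for use inside a quoted MySQL string literal
   if (!is_numeric($value)) { $value = mysql_real_escape_string($value); }
   return $value;
}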

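An alternative to slash-based escaping for the question in this thread, as an added example that is not code from either poster: validate and trim on input, pass values to the database through bound parameters, and apply htmlspecialchars only when writing into HTML. It assumes PDO with the pdo_sqlite driver (an in-memory database standing in for MySQL); the `comments` table and the functions `save_comment` and `render_comment` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Assumption: PDO + pdo_sqlite are available; the in-memory DB stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, post_id INTEGER, body TEXT)');

// Input side: check type and shape, then store the raw text via bound parameters.
// No addslashes/stripslashes and no HTML escaping happens here.
function save_comment(PDO $db, array $input): int
{
    $postId = filter_var($input['post_id'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    // Reject array-valued fields such as body[]=x instead of casting them.
    $body = is_string($input['body'] ?? null) ? trim($input['body']) : '';
    if ($postId === false || $body === '' || strlen($body) > 2000) {
        throw new InvalidArgumentException('invalid comment');
    }
    $stmt = $db->prepare('INSERT INTO comments (post_id, body) VALUES (:post_id, :body)');
    $stmt->execute([':post_id' => $postId, ':body' => $body]);
    return (int) $db->lastInsertId();
}

// Output side: escape for the HTML context at the moment of rendering.
function render_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = (string) $stmt->fetchColumn();
    return '<p>' . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed sample standing in for $_POST.
$post = ['post_id' => '7', 'body' => "  It's <b>bold</b> & \"quoted\"  "];
$id = save_comment($db, $post);
echo render_comment($db, $id), PHP_EOL;
```

The stored row keeps the text exactly as typed (minus surrounding whitespace), so the same value can later be escaped differently for another output context.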
