help: secure input

delickate · February 17, 2012

Hi,

I'm inserting data into database. which is going fine. but i want to make sure how to insert secure data into database to avoid sql injection.

what function should i use to insert secure data into database. can any one guide me please???

Thanks

darkfreaks · February 17, 2012

you can use mysql_real_escape_string or PDO i would go with PDO it is more secure in my opinion.

delickate · February 17, 2012

thanks for the reply,

what is PDO? can u give me an example of that?

e.g:

if we code for mysql_real_escape_string() like this

echo "insert into table(feidlname) values('".mysql_real_escape_string($value) ."')";

how would we do code for PDO?

like this

echo "insert into table(feidlname) values('".PDO($value) ."')";

please guide

thanks

darkfreaks · February 17, 2012

http://www.phpro.org/tutorials/Introduction-to-PHP-PDO.html#4.3

delickate · February 17, 2012

Thanks alot.

you are really helpful.

Thanks again

cyberRobot · February 17, 2012

You'll also want to validate / sanitize the data, if you haven't done so already. For example, if a field is supposed to be a number, you could check by using something like ctype_digit():

<?php
if( ctype_digit( (string) $numToTest) ) {
     print "Number; continue processing";
} else {
     print "Not a number; flag error";
}
?>

If selecting one of several radio buttons in a form, make sure the value corresponds with one of the options.

If the value isn't supposed to contain HTML / PHP tags, you could run strip_tags() to remove them.

http://php.net/manual/en/function.strip-tags.php

Sign In

help: secure input

Recommended Posts

delickate

Link to comment

Share on other sites

darkfreaks

Link to comment

Share on other sites

delickate

Link to comment

Share on other sites

darkfreaks

Link to comment

Share on other sites

delickate

Link to comment

Share on other sites

cyberRobot

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information