harkly Posted May 21, 2012

I am working on adding security to my code. This is new to me and I am confused about which one to use. The numbers, email and pswd are all explanatory; it's the text fields that are confusing me.

So I have a variety of text fields where the user can input what they want. I want to be able to add in a variety of characters but want it to be secure as well. I want to be able to use the "&" so I think I want

    FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP

All the text fields will be used for descriptions or notes.

Also, how secure, if at all, is this function? It was a very early attempt at security.

    function check_input($data) {
        $data = trim($data);
        $data = htmlspecialchars($data);
        return $data;
    }

harkly Posted May 21, 2012

Also have one more question. I am using mysqli and then filtering the data on input; do I really need to escape it as well? I ask this because when escaping, it is messing up the format of the text when there is a break in it.
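
As an added example (not part of the thread and not the poster's code), one way to handle free-text note fields with mysqli: validate on input, store through a bound parameter, and HTML-encode only at display time, so "&" and line breaks survive intact. The `notes` table and the function names are assumptions made for illustration.

```php
<?php
// Added example. Table `notes(body TEXT)` and these function names are
// hypothetical; only the PHP built-ins and mysqli calls are real APIs.

// Input side: validate, but do not HTML-encode. The text is stored as typed,
// so "&", quotes and line breaks are kept unchanged.
function clean_note(string $raw, int $maxBytes = 2000): ?string
{
    $text = trim(str_replace(["\r\n", "\r"], "\n", $raw)); // normalise newlines
    if ($text === '' || strlen($text) > $maxBytes) {
        return null;                                        // reject, don't rewrite
    }
    return $text;
}

// Storage side: a bound parameter travels separately from the SQL text, so
// there is no manual escaping step that could alter the stored value.
function save_note(mysqli $db, string $text): bool
{
    $stmt = $db->prepare('INSERT INTO notes (body) VALUES (?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $text);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Output side: encode for HTML where the text is displayed, then convert
// newlines to <br>. Order matters: nl2br() runs after htmlspecialchars().
function render_note(string $text): string
{
    return nl2br(htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Constructed sample input: ampersand, quotes, markup and a line break.
$sample = "  Salt & pepper \"mix\"\r\nsecond line with <b>markup</b>  ";
$note = clean_note($sample);
if ($note !== null) {
    // With a live connection: save_note($db, $note);
    echo render_note($note), "\n";
}
```

The stored value stays byte-for-byte what the user typed; only the rendered HTML carries `&amp;`, `&lt;` and `<br />`.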
Archived
This topic is now archived and is closed to further replies.