bachx
Posted March 13, 2007

I've written a small function that cleans up all user input before entering it to the DB. I'm wondering, is this sufficient or am I missing something?

```php
function clean_text($text) {
    // Encode angle brackets as HTML entities
    $text = str_replace("<", "&lt;", $text);
    $text = str_replace(">", "&gt;", $text);
    // Remove any remaining HTML/PHP tags
    $text = strip_tags($text);
    // Encode &, < and >; ENT_NOQUOTES leaves " and ' unchanged
    $text = htmlspecialchars($text, ENT_NOQUOTES);
    // Escape for a quoted MySQL string literal (requires an open mysql_* connection)
    $text = mysql_real_escape_string($text);
    return $text;
}
```

papaface
Posted March 13, 2007

You could just do:

```php
function clean_text($text) {
    // Escape for a quoted MySQL string literal only; no HTML handling
    $text = mysql_real_escape_string($text);
    return $text;
}
```

If you want to make sure it's safe for the SQL. But if you want to disallow certain tags, then yes your code is fine.
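
An added example, not code from either poster: it separates the two jobs `clean_text` combines, binding the raw text as a query parameter on the way in and HTML-encoding it only when it is rendered. It uses PDO (the `mysql_*` functions were removed in PHP 7) with an in-memory SQLite database so it runs offline; the table name, function names and sample input are assumptions.

```php
<?php
// Added example; table and function names are hypothetical.
// In-memory SQLite stands in for MySQL so the script runs offline (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Input side: bind the raw text as a parameter.
// No HTML encoding and no manual SQL escaping happens here.
function store_comment(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function load_comment(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Output side: encode for HTML at render time. ENT_QUOTES also encodes " and ',
// which ENT_NOQUOTES (as used in clean_text) leaves unchanged.
function render_html(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input containing both SQL and HTML metacharacters.
$input = "O'Reilly said \"1 < 2\" & <b>left</b>";

$id     = store_comment($pdo, $input);
$stored = load_comment($pdo, $id);

// Compare what the database holds with what was submitted.
var_dump($stored === $input);

// Encoding suitable for element content and quoted attribute values.
echo render_html($stored), "\n";

// The same text encoded with ENT_NOQUOTES, for comparison.
echo htmlspecialchars($stored, ENT_NOQUOTES, 'UTF-8'), "\n";
```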
Archived
This topic is now archived and is closed to further replies.