beesfan_london Posted May 30, 2007

I'm currently working out how to best set up a website. I'm going to be setting up a part search system; basically, guests to the site will fill in a form for their model of vehicle, and these details will then be entered into a database for me to verify before sending the request out to my list of suppliers.

The thing is, I'm thinking about how to make this secure enough. What I need to know is: if I set up the forms so no bad data can be inserted into the database, and make sure the form processing script is using a MySQL account that is restricted to inserting data into a specific table in a database, will this be OK? Or is there anything else I need to consider?

***Update*** I guess it would also be a good idea to implement something that will stop users submitting multiple data to fill the database. Maybe a bit of code that will restrict access to the form for a set time?

Thanks.
per1os Posted May 30, 2007

You may want to consider using this on incoming form data:

<?php
// Escape characters that are special inside a SQL string literal.
// If magic quotes already added slashes, strip them first so data is not escaped twice.
function myEscape($string) {
    // get_magic_quotes_gpc() was removed in PHP 8, so check that it exists before calling it.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    // NUL, newline, carriage return, backslash, single quote, double quote, Ctrl-Z
    return addcslashes($string, "\x00\n\r\\'\"\x1a");
}

$make = myEscape($_POST['make']);
?>

Just to make sure no SQL Injection happens. Other than that you should be fine.
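The three controls raised in this thread (keeping bad data out of the query, an insert-only database account, and a per-visitor cooldown on the form) combined in one handler. This is an added example, not code from either poster: it uses PDO prepared statements rather than manual escaping, and the table, column, account and function names are hypothetical. In-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example. In production, connect with a MySQL DSN and an account limited to:
//   GRANT INSERT ON parts.part_requests TO 'form_writer'@'localhost';
// (database, table and account names are hypothetical).
const COOLDOWN_SECONDS = 60;

function submitPartRequest(PDO $db, array $form, array &$session, int $now): string
{
    // Throttle: one accepted submission per session per cooldown window.
    if (isset($session['last_submit']) && $now - $session['last_submit'] < COOLDOWN_SECONDS) {
        return 'throttled';
    }
    // Validate type and length before touching the database.
    $fields = [];
    foreach (['make', 'model', 'part'] as $name) {
        $value = $form[$name] ?? '';
        if (!is_string($value) || trim($value) === '' || strlen($value) > 100) {
            return "invalid $name";
        }
        $fields[$name] = trim($value);
    }
    // Placeholders send the values separately from the SQL text,
    // so quotes in the input can never change the statement.
    $stmt = $db->prepare(
        'INSERT INTO part_requests (make, model, part, verified)
         VALUES (:make, :model, :part, 0)'
    );
    $stmt->execute($fields);
    $session['last_submit'] = $now;
    return 'stored';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE part_requests (make TEXT, model TEXT, part TEXT, verified INTEGER)');

$session = []; // stand-in for $_SESSION in a web request
// Constructed sample input containing quote characters.
$form = ['make' => "Ford' OR '1'='1", 'model' => 'Focus', 'part' => 'alternator'];

echo submitPartRequest($db, $form, $session, 1000), "\n";   // first submission
echo submitPartRequest($db, $form, $session, 1030), "\n";   // 30 s later, inside the cooldown
echo submitPartRequest($db, ['make' => ''], $session, 1100), "\n"; // missing fields
echo $db->query('SELECT make FROM part_requests')->fetchColumn(), "\n";
```

The cooldown here is tied to the session, so it only slows down visitors who keep their session cookie; the `verified` column defaults to 0 so every row still waits for manual review before going to suppliers.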
Archived
This topic is now archived and is closed to further replies.