thefortrees - Posted July 19, 2007

Howdy. Is it necessary to use mysql_real_escape_string on form elements such as radio buttons or checkboxes?

phat_hip_prog - Posted July 19, 2007

What if someone uses telnet(?) instead of your form?

GingerRobot - Posted July 19, 2007

Yes, any and all input from the user should be considered unreliable. Just because you have a drop down box with options 1 to 5 doesn't mean that the value you get WILL be 1 to 5. Same goes for any JavaScript validation you do.

dbo - Posted July 19, 2007

Yup, always verify your data and escape it before processing it. Don't trust those ebil users!
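
Added example, not part of any post in this thread: a server-side check that a radio/select value and a checkbox carry only what the form offers, followed by an insert. It uses PDO bound parameters in place of the mysql_real_escape_string call the question mentions; the field names `rating` and `subscribe`, the `votes` table and the in-memory SQLite database are assumptions made for the illustration.

```php
<?php
// Added example; field names, table and allowed values are hypothetical.
const ALLOWED_RATINGS = ['1', '2', '3', '4', '5']; // the options the form offers

function validate_form(array $post): array
{
    $rating = $post['rating'] ?? null;
    // Radio/select: must be exactly one of the offered values.
    // is_string() also rejects array submissions such as rating[]=3.
    if (!is_string($rating) || !in_array($rating, ALLOWED_RATINGS, true)) {
        throw new InvalidArgumentException('rating outside the offered options');
    }
    // Checkbox: browsers omit the field when unchecked and send its value when checked.
    $subscribe = false;
    if (array_key_exists('subscribe', $post)) {
        if ($post['subscribe'] !== 'yes') {
            throw new InvalidArgumentException('unexpected checkbox value');
        }
        $subscribe = true;
    }
    return [(int) $rating, $subscribe];
}

function save_vote(PDO $db, array $post): void
{
    [$rating, $subscribe] = validate_form($post);
    // Bound parameters keep the values out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO votes (rating, subscribe) VALUES (?, ?)');
    $stmt->execute([$rating, (int) $subscribe]);
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE votes (rating INTEGER, subscribe INTEGER)');

// Constructed requests: two the form can produce, two only a hand-built request can.
$requests = [
    ['rating' => '3', 'subscribe' => 'yes'],
    ['rating' => '3'],
    ['rating' => '9'],
    ['rating' => ['3']],
];
foreach ($requests as $post) {
    try {
        save_vote($db, $post);
        echo 'accepted: ', json_encode($post), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($post), ' (', $e->getMessage(), ')', PHP_EOL;
    }
}
```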