hadoob024

Cleaning information retrieved from database


I was reading through this PHP security book and it recommends cleaning/screening/sanitizing information retrieved from the db prior to displaying it. Is this something that everyone recommends, or is it considered overkill?

Depends on what you are retrieving. Most of the time text and numbers don't need any kind of formatting or cleaning, but long text fields with, say, HTML or line breaks or things like that would need to be so-called "cleaned" to display properly. It all depends on the type of data you are storing.

Ray

Well, this is for a real estate website, so let's see, I have 8 small text fields (like around 30 chars), 2 integer fields, and 1 field for a listing description that's 240 chars max. Like I know to use htmlentities() to clean up these fields for proper display, but do I need to run everything through some eregi() checks or something to validate the information again before displaying it? Or does this all depend on how secure the db server is?

I'd suggest re-reading that part of the book. Good practice would be to clean/screen/sanitize data before adding it to the database.

Yup. I do that too. I check the length and type of the info entered into the form, then I set a variable equal to the $_POST variable passed through. I then verify it using eregi(). I also use trim(), strip_tags(), etc. And only after it passes all these checks do I actually store the info in the db. But the book suggested that, just to be on the safe side, I also verify the info when it's pulled out of the db but before displaying it.

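The two separate steps this thread circles around (the htmlentities()-at-display question in the real-estate post, and the validate-then-store pipeline in the last reply), written out as an added PHP example. This is not code from the thread or from any of its posters. The field names, the 30/240-character limits, the in-memory SQLite database and the sample form submission are all assumptions made for the example; preg_match() stands in where the thread says eregi(), because the ereg functions were removed in PHP 7. The point it shows: input validation decides what is allowed into the database, but HTML escaping happens at output time on every value regardless of where it came from, because the database stores bytes and has no idea what "safe to display" means.

```php
<?php
// Added example, not from the thread. Validate a listing on the way INTO
// the database, escape it for HTML on the way OUT, every time it is shown.
// Field names, limits and the sample submission below are assumptions.
declare(strict_types=1);

// Assumed form layout: 8 short text fields, 2 integers, one 240-char description.
const SHORT_FIELDS = ['street', 'city', 'state', 'zip', 'agent', 'phone', 'type', 'status'];
const INT_FIELDS   = ['bedrooms', 'price'];

// Step 1: validation before storage. Returns cleaned data or a list of errors.
function validateListing(array $post): array
{
    $clean  = [];
    $errors = [];

    foreach (SHORT_FIELDS as $f) {
        $v = trim((string)($post[$f] ?? ''));
        // Whitelist: letters, digits, space and a little punctuation; reject anything else.
        if ($v === '' || strlen($v) > 30 || !preg_match('/^[A-Za-z0-9 .,\'#-]+$/', $v)) {
            $errors[] = "$f: must be 1-30 chars of letters, digits, space or .,'#-";
            continue;
        }
        $clean[$f] = $v;
    }

    foreach (INT_FIELDS as $f) {
        $v = filter_var($post[$f] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($v === false) {
            $errors[] = "$f: must be a non-negative integer";
            continue;
        }
        $clean[$f] = $v;
    }

    $desc = trim((string)($post['description'] ?? ''));
    if (strlen($desc) > 240) {
        $errors[] = 'description: max 240 chars';
    } else {
        // Stored as plain text. We deliberately do not try to turn it into
        // "safe HTML" here; escaping at display time handles that.
        $clean['description'] = $desc;
    }

    return ['ok' => $errors === [], 'data' => $clean, 'errors' => $errors];
}

// Step 2: store with a prepared statement. The driver handles SQL quoting, so
// the validated values are stored exactly as entered (no addslashes/htmlentities here).
function storeListing(PDO $db, array $row): void
{
    $cols = array_keys($row);
    $sql  = 'INSERT INTO listings (' . implode(',', $cols) . ') VALUES ('
          . implode(',', array_map(fn($c) => ":$c", $cols)) . ')';
    $db->prepare($sql)->execute($row);
}

// Step 3: HTML-escape at output time, on every value, whatever its source.
// This is the "clean before displaying" step the book is talking about.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderListing(array $row): string
{
    $html  = '<h2>' . h($row['street']) . ', ' . h($row['city']) . "</h2>\n";
    $html .= '<p>' . (int)$row['bedrooms'] . ' bed, $' . number_format((int)$row['price']) . "</p>\n";
    // nl2br runs AFTER escaping, so line breaks show up without letting markup through.
    $html .= '<p>' . nl2br(h($row['description'])) . "</p>\n";
    return $html;
}

// Demo with an in-memory SQLite database and a constructed form submission.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (street TEXT, city TEXT, state TEXT, zip TEXT, agent TEXT,
           phone TEXT, type TEXT, status TEXT, bedrooms INTEGER, price INTEGER, description TEXT)');

$form = [
    'street' => '12 Oak St', 'city' => 'Springfield', 'state' => 'IL', 'zip' => '62701',
    'agent' => "O'Brien", 'phone' => '555-0100', 'type' => 'House', 'status' => 'Active',
    'bedrooms' => '3', 'price' => '250000',
    // Passes the 240-char check, but would be script injection if echoed raw.
    'description' => "Cosy home.\n<script>alert(1)</script> Near <b>schools</b>.",
];

$result = validateListing($form);
if (!$result['ok']) {
    print_r($result['errors']);
    exit(1);
}
storeListing($db, $result['data']);

// The tags come back from the database exactly as entered; h() makes the
// browser show them as text instead of interpreting them.
$row = $db->query('SELECT * FROM listings')->fetch(PDO::FETCH_ASSOC);
echo renderListing($row);
```

Run it with the PHP CLI (the pdo_sqlite extension is assumed to be loaded). Note that h() is the right escaper for HTML text and quoted attribute values only; a value placed inside a JavaScript string, a URL, or an unquoted attribute needs the encoding for that context, which is the real reason "clean on output" is a separate step from "clean on input".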
