adam291086 Posted November 6, 2007
Hello. I have a very simple CMS that allows the users to upload, edit and delete page content. All these functions are in an admin section which has an authentication part using cookies. The question is, do I need to add in validation checks on the information being sent to prevent people dumping my whole database? This is because only trusted users will be using the site. My gut feeling is going to be yes, just in case, but I have no idea how to do this; any push in the right direction is much appreciated.
revraz Posted November 6, 2007
Any time any data is entered into your database, you need to validate it for the type of data you are expecting. It doesn't have to be malicious to be bad; it can be just the wrong type of data as well. Garbage in, garbage out.
adam291086 Posted November 6, 2007
Yeah, I do intend to do that; it was more along the lines of people intending to hack my site.
revraz Posted November 6, 2007
What if one of your trusted users gets a keylogging virus and then someone gains access to your site? Regardless of whether you'd get hacked or not, don't put yourself in a spot where your database can either get XSS attacks or just bad data. Get in the habit of doing it right the first time so you don't have to go back later and fix it all.
adam291086 Posted November 6, 2007
OK, so I will go with my gut feeling of yes. Is there any tutorial about this?
revraz Posted November 6, 2007
Search on these PHP/MySQL keywords:
mysql_real_escape_string
stripslashes
trim
You'll also want to validate for correct data type like INT, NOT NULL or EMPTY, length of the data if there are min/max sizes, etc.
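As an added worked example (not code from the thread, and written in Python against an in-memory SQLite table so it runs stand-alone, standing in for the PHP/MySQL setup the thread is about): `get_page_unsafe` shows what "dumping the whole database" looks like when a request value is pasted straight into a query, while `get_page_safe` and `update_page_safe` combine the checks revraz lists (integer type, trim, non-empty, min/max length) with parameter binding, which is the modern replacement for escaping each value with mysql_real_escape_string. The table name, column names, function names and sample rows are all constructed for this example.

```python
import sqlite3

# Constructed sample rows standing in for the CMS's page table.
SAMPLE_PAGES = [
    (1, "Home", "Welcome to the site."),
    (2, "About", "Who we are."),
    (3, "Secret draft", "Not yet published."),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed 'pages' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT NOT NULL, body TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)", SAMPLE_PAGES)
    conn.commit()
    return conn


def get_page_unsafe(conn: sqlite3.Connection, page_id: str):
    """The pattern the thread warns about: the raw request value is concatenated into SQL.
    A page_id of "1 OR 1=1" turns a single-row lookup into a dump of every row."""
    sql = "SELECT id, title FROM pages WHERE id = " + page_id
    return conn.execute(sql).fetchall()


class ValidationError(ValueError):
    """Raised when a request field fails the type/length checks below."""


def validate_int(value: str) -> int:
    """Type check: an id must be a non-negative integer (the thread's 'validate for INT')."""
    if not isinstance(value, str) or not value.strip().isdigit():
        raise ValidationError("page id must be a non-negative integer")
    return int(value.strip())


def validate_text(value: str, min_len: int, max_len: int) -> str:
    """trim + NOT EMPTY + min/max length, as the thread suggests for text fields."""
    if not isinstance(value, str):
        raise ValidationError("expected a string")
    cleaned = value.strip()
    if not min_len <= len(cleaned) <= max_len:
        raise ValidationError(f"length must be between {min_len} and {max_len}")
    return cleaned


def get_page_safe(conn: sqlite3.Connection, page_id: str):
    """Hardened read: validate the type first, then bind the value as a query parameter."""
    pid = validate_int(page_id)
    return conn.execute("SELECT id, title FROM pages WHERE id = ?", (pid,)).fetchall()


def update_page_safe(conn: sqlite3.Connection, page_id: str, title: str, body: str) -> int:
    """Hardened edit handler: every field is validated and every value is bound, never
    concatenated, so quotes inside a title are stored as data rather than parsed as SQL."""
    pid = validate_int(page_id)
    new_title = validate_text(title, 1, 100)
    new_body = validate_text(body, 1, 10000)
    cur = conn.execute(
        "UPDATE pages SET title = ?, body = ? WHERE id = ?", (new_title, new_body, pid)
    )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = make_db()
    attacker_id = "1 OR 1=1"  # constructed malicious form value
    print("unsafe lookup returned", len(get_page_unsafe(db, attacker_id)), "rows")
    try:
        get_page_safe(db, attacker_id)
    except ValidationError as err:
        print("safe lookup rejected the value:", err)
    print("safe lookup for id 2:", get_page_safe(db, "2"))
    print("rows updated:", update_page_safe(db, "2", "  Rock 'n' roll  ", "New body"))
```

The integer check alone would stop the example attack, but it is the parameter binding that protects free-text fields such as the title, where apostrophes are legitimate input and cannot simply be rejected; validation and binding are complementary, not alternatives.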