woocha Posted February 1, 2008

Hey guys, when I have a form that populates a MySQL db, is it more advised to use strip_tags() or mysql_real_escape_string() or maybe both? DOES ANYONE HAVE A TRULY GREAT FUNCTION TO REALLY SECURE ALL FORMS????

kenrbnsn Posted February 2, 2008

You should use mysql_real_escape_string() when inserting data into a MySQL database. Tags don't mean anything to the database. You may want to use strip_tags() or htmlentities() when displaying data back to the screen so the browsers don't try to interpret the data as HTML.

Ken

woocha (Author) Posted February 2, 2008

I tried this bit of code and it returned empty:

    $string = mysql_real_escape_string($string);

Did I do something wrong?

kenrbnsn Posted February 4, 2008

We need to see more of your code to determine what went wrong. Please surround your code with tags.

Ken

priti Posted February 4, 2008

> I tried this bit of code and it returned empty
>
>     $string = mysql_real_escape_string($string);
>
> did I do something wrong?

If you are not using mysql_real_escape_string, is it working? If so, then check your PHP version; if I am not wrong, this works in PHP versions >= 4.3.

Regards

Northern Flame Posted February 4, 2008

Try this:

    $new_string = mysql_real_escape_string($string);

haku Posted February 4, 2008

If you want something that will help you create secure forms with little coding effort, you should check out the PEAR HTML_QuickForm class. There is a great tutorial here that shows you how to do it. The only setback is that it outputs everything in tables.

tibberous Posted February 4, 2008

Ken is right. I wouldn't worry about learning a class to handle this, because...

1) there are really only like three functions you need to use
2) you should understand the principles behind it
3) if you freelance, or work in a team, or use code other people have written, it's probably going to be done the 'basic' way

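The principle from Ken's reply (protect the query at the database boundary, encode at the output boundary), as an added example that is not code from any poster in this thread. It swaps in PDO bound parameters for mysql_real_escape_string(), since the mysql_* extension was removed in PHP 7.0, and assumes the pdo_sqlite driver and a hypothetical `comments` table so that it runs without a database server.

```php
<?php
// Added example, not code from the thread. Table, field and function names
// are hypothetical. Assumption: PDO with the pdo_sqlite driver and an
// in-memory database; for MySQL only the DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed form input standing in for $_POST: a quote that would break a
// string-concatenated query, and markup a browser would interpret as HTML.
$form = [
    'author' => "O'Brien",
    'body'   => '<b>Tom</b> & "Jerry"',
];

// Database boundary: bound parameters keep the data out of the SQL text,
// the job mysql_real_escape_string() did for hand-built query strings.
// The value is stored unmodified; no strip_tags() is needed here.
function save_comment(PDO $db, array $form): int
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $form['author'], ':body' => $form['body']]);
    return (int) $db->lastInsertId();
}

// Reads the row back exactly as it was stored.
function fetch_comment(PDO $db, int $id): array
{
    $stmt = $db->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Output boundary: encode when writing into HTML so the browser shows the
// characters instead of interpreting them as tags.
function render_comment(array $row): string
{
    $e = fn(string $s): string => htmlentities($s, ENT_QUOTES, 'UTF-8');
    return '<p>' . $e($row['author']) . ': ' . $e($row['body']) . '</p>';
}

$row = fetch_comment($db, save_comment($db, $form));
var_dump($row['body'] === $form['body']); // stored value equals submitted value
echo render_comment($row), PHP_EOL;       // encoded only at display time
```
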
This topic is now archived and is closed to further replies.