moon 111 Posted March 31, 2008

I have a function that I use on all user input to prevent SQL injections, XSS etc. Am I missing anything? Anything else I should add?

<?php
function clean($var) {
    $var = mysql_real_escape_string($var);
    $var = strip_tags($var);
}
?>

ucffool Posted March 31, 2008

Don't see anything wrong with it. If you are doing something that is more constructed (such as letters or numbers only), doing some extra regular expression checks will help (also consider restricting the submitted content to a specific length to prevent a buffer overflow situation). Another opinion would also be good, I'm not an end-all-be-all.

darkfreaks Posted March 31, 2008

<?php
function clean($var) {
    $var = mysql_real_escape_string(strip_tags(trim($var)));
}
?>

maexus Posted March 31, 2008

<?php
function clean($var) {
    return mysql_real_escape_string(strip_tags(trim($var)));
}
?>

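An added example, not code from any poster in this thread: instead of one clean() applied to all input, it handles each context where a value is used (bound parameters for SQL, type validation for numeric ids, encoding at HTML output). It uses PDO because the mysql_* functions shown above were removed in PHP 7. The SQLite in-memory database, the comments table, the function names and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with the SQLite
// driver, an in-memory database, a hypothetical "comments" table, and
// constructed sample inputs.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// SQL context: bound parameters keep data out of the query text, so no
// escaping function is needed and the stored value is exactly what was sent.
function save_comment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Numeric context: validate the type. Quote escaping does nothing for a
// value that would be placed in a query without quotes.
function load_comment(PDO $pdo, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject rather than try to repair the value
    }
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HTML context: encode at output time, including both quote characters, so
// the value is safe in element content and inside quoted attributes.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$id  = save_comment($pdo, "O'Brien", 'I said "1 < 2" & left');
$row = load_comment($pdo, (string) $id);

// strip_tags() only removes tags: a constructed value with quotes but no
// tags comes back unchanged, so it does not protect an attribute context.
var_dump(strip_tags('x" title="y') === 'x" title="y');

echo '<p title="', h($row['author']), '">', h($row['body']), "</p>\n";

// A non-integer id (constructed) is rejected before any query runs.
var_dump(load_comment($pdo, '3 extra text'));
```
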
Archived
This topic is now archived and is closed to further replies.