RE: [PHP] Sanitizing mysql inserts of user data

Caner Bulut Sun, 16 Aug 2009 11:52:00 -0700

Hi Dotan,

You can use htmlentities(), htmlspecialchars() and strip_tags() functions
when you show your saved data on your web pages. mysql_real_escape_string
function saved data into mysql DB with a secure way. But when you try to
show data you still have to control it.


Thanks.
Caner.

-----Original Message-----
From: Dotan Cohen [mailto:dotanco...@gmail.com] 
Sent: Sunday, August 16, 2009 9:43 PM
To: php-general.
Subject: [PHP] Sanitizing mysql inserts of user data

I am sanitizing user-entered data before storing in mysql with this
function:

function clean_mysql ($dirty) {
    $dirty=trim($dirty);
    $dirty=str_replace ("--", "", $dirty);
    $dirty=str_replace (";", "", $dirty);
    $clean=mysql_real_escape_string($dirty);
    return $clean;
}

Is this good enough to prevent SQL injection attacks? Should I add
anything else? Thanks!

Dotan Cohen

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Sanitizing mysql inserts of user data

Reply via email to