Hi,

To prevent user input from messing with your query, you just need to
escape the characters used to delimit query values.

MySQL, for example, uses ' (single quote) to delimit values, so you should
use addslashes() on all values.

This will make inserting values containing the ' character work and prevent
user input from manipulating your script to run arbitrary queries on your DB server.

The practical thing about MySQL is that it accepts quote-delimited values even for
integer fields. However, if you want to make a 'db safe' integer, you can use
$var = (int)$var;

For more advanced input validation, regular expressions can be quite adequate, but I'd
recommend separating this from the previously mentioned 'escaping', which is simply needed
for your DB to function properly and safely.

greets,
bvr.
On Mon, 4 Feb 2002 17:18:20 -0000, Simon H wrote:

>I'm trying to validate an input form, for database INSERT/UPDATE.  I'm
>looking for a couple of techniques and I can't seem to find examples
>anywhere:
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
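Worked example, added by the editor; it is not part of bvr.'s message and not PHP or MySQL code. It reproduces the two techniques from the reply above (escaping the ' delimiter inside string values, and casting integer fields instead of quoting them) and shows what each one stops, using Python's built-in sqlite3 so that it runs stand-alone. One difference matters for the code: MySQL, and PHP's addslashes(), escape a quote by putting a backslash in front of it, whereas SQLite's string-literal escape is a doubled quote, so quote_value() below doubles the quote. The principle is the same in both dialects: the delimiter must never reach the SQL parser unescaped inside a value. to_int() approximates PHP's (int) cast (leading integer, else 0). The users table, the names and the attacker inputs are constructed sample data. lookup_parameterized() is included as the reference check a practitioner would want: the driver binds the value itself, which is what mysqli/PDO prepared statements do in later PHP and what removes the need to escape by hand (addslashes() also does not know the connection's character set, which is why PHP later provided mysql_real_escape_string()).

```python
"""Delimiter escaping and integer casting against SQL injection.

Constructed demonstration using sqlite3 in place of PHP/MySQL.
SQLite escapes a quote inside a literal by doubling it ('') rather than
with a backslash as MySQL/addslashes() do; the idea is identical.
"""
import re
import sqlite3


def quote_value(value: str) -> str:
    """Return value as an SQL string literal with the ' delimiter escaped.

    SQLite dialect: ' becomes ''.  (PHP's addslashes() would instead put a
    backslash before the quote, which is what MySQL expects.)
    """
    return "'" + value.replace("'", "''") + "'"


def to_int(value: str) -> int:
    """Approximate PHP's (int)$var: keep the leading integer, otherwise 0."""
    m = re.match(r"\s*[+-]?\d+", value)
    return int(m.group(0)) if m else 0


def make_db() -> sqlite3.Connection:
    """Constructed sample table; note the name containing a single quote."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, name TEXT, secret TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "a-secret"), (2, "bob", "b-secret"), (3, "o'neil", "o-secret")],
    )
    return con


def lookup_unescaped(con: sqlite3.Connection, name: str) -> list:
    """Vulnerable: user input is pasted straight between the quotes."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in con.execute(sql)]


def lookup_escaped(con: sqlite3.Connection, name: str) -> list:
    """Same query, but the delimiter inside the value is escaped first."""
    sql = "SELECT name FROM users WHERE name = " + quote_value(name)
    return [row[0] for row in con.execute(sql)]


def lookup_by_id(con: sqlite3.Connection, raw_id: str) -> list:
    """Integer field: cast instead of quoting, so only digits can get through."""
    sql = "SELECT name FROM users WHERE id = " + str(to_int(raw_id))
    return [row[0] for row in con.execute(sql)]


def lookup_parameterized(con: sqlite3.Connection, name: str) -> list:
    """Reference check: the driver binds the value; nothing to escape by hand."""
    rows = con.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    evil = "x' OR '1'='1"                       # constructed attacker input
    print("unescaped:     ", lookup_unescaped(db, evil))       # every user leaks
    print("escaped:       ", lookup_escaped(db, evil))         # no match
    print("escaped quote: ", lookup_escaped(db, "o'neil"))     # quote inserted fine
    print("int cast:      ", lookup_by_id(db, "1 OR 1=1"))     # only id 1
    print("bound:         ", lookup_parameterized(db, evil))   # no match
```

Run it as-is: the unescaped lookup returns all three users because the input closes the quote and appends OR '1'='1, the escaped lookup treats the same input as a plain (non-matching) name while still finding o'neil, and the integer cast turns "1 OR 1=1" into 1 before it ever touches the query.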
