Thanks bvr
This is good to know, but I still need some validation with my particular
application, as below. Thanks for your time.
Simon H
-Original Message-
From: bvr [mailto:[EMAIL PROTECTED]]
Sent: 04 February 2002 17:44
To: php-general; Simon H
Subject: Re: [PHP] Yet another regex question
Hi,
To prevent user input from messing with your query you just need to
escape the characters used to delimit query values.
MySQL for example uses ' (single quote) to delimit values so you should
use addslashes() on all values.
This will make inserting values containing the ' character work and
prevent user input from manipulating your script to run arbitrary
queries on your DB server.
The practical thing about MySQL is that it accepts quote-delimited
values even for integer fields. However, if you want to make a
'db safe' integer you can use $var = (int)$var;
For more advanced input validation, regular expressions can be very
adequate but I'd recommend separating this from the previously
mentioned 'escaping', which is simply needed for your DB to function
properly and safely.
greets,
bvr.
On Mon, 4 Feb 2002 17:18:20 -, Simon H wrote:
I'm trying to validate an input form, for database INSERT/UPDATE. I'm
looking for a couple of techniques and I can't seem to find examples
anywhere:
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
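
The separation described in the thread (validate first, then escape for the query) as an added example that is not part of the original messages. The function names, the `users` table and the validation policy are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added illustration. validate_name(), validate_age(), build_insert() and
// the `users` table are hypothetical names, not from the thread.

// Validation: is the input acceptable for the application at all?
function validate_name(string $s): bool {
    // Assumed policy: letters, digits, apostrophe, space, hyphen; 1-32 chars.
    // \z anchors at the true end of input ($ would allow a trailing newline).
    return preg_match('/^[A-Za-z0-9\' -]{1,32}\z/', $s) === 1;
}

function validate_age(string $s): bool {
    // Digits only. A bare (int) cast is safe for the query but would
    // silently accept "42abc" as 42, which is a validation problem.
    return preg_match('/^[0-9]{1,3}\z/', $s) === 1;
}

// Escaping: make an already accepted value safe inside the SQL text.
function build_insert(string $name, string $age): string {
    if (!validate_name($name) || !validate_age($age)) {
        throw new InvalidArgumentException('input failed validation');
    }
    // addslashes() backslash-escapes single quote, double quote,
    // backslash and NUL, so the value cannot close the '...' delimiter.
    $name_sql = addslashes($name);
    // The cast guarantees the value interpolated below is an integer.
    $age_sql = (int)$age;
    return "INSERT INTO users (name, age) VALUES ('$name_sql', $age_sql)";
}

// Constructed sample form inputs: [name, age]
$samples = [
    ["O'Brien", "42"],      // valid; the apostrophe must be escaped
    ["Smith", "42abc"],     // would survive the cast, rejected by validation
    ["Anne;Marie", "30"],   // character outside the assumed name policy
];

foreach ($samples as [$name, $age]) {
    try {
        echo build_insert($name, $age), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $name / $age\n";
    }
}
```

addslashes() is not aware of the connection character set. In current PHP, bound parameters (PDO or mysqli prepared statements) remove the need to escape values by hand.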