  1. #1

    For form data that goes into a MySQL DB...

    Ok,

    In some form, I've got some text fields, a dropdown & a hidden field.

    When inserting the data into my db, I use mysql_real_escape_string on the text field, but I was wondering if it is safe to put it also on the hidden field?

    Thanks

  2. #2
    Mittineague

    hidden inputs

    Hidden inputs can be seen and modified in source-view. Best practice is to sanitize all input. Maybe all your users will be ignorant or honest, maybe not.

  3. #3
    spikeZ

    Trust no-one. Sanitise ANY incoming data even if it comes from within the application, e.g. admin CMS.
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....
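
The advice in the replies above, as an added example that is not part of the original thread: every field of the form (text, dropdown and hidden) is validated server-side and bound through a prepared statement rather than escaped by hand. The `orders` table, the field names `comment`, `size` and `product_id`, and the allowed sizes are assumptions, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical form: text field "comment", dropdown "size", hidden "product_id".
const ALLOWED_SIZES = ['S', 'M', 'L'];

function validateOrder(array $post): array
{
    // Text field: must be a non-empty string of bounded length.
    $comment = is_string($post['comment'] ?? null) ? trim($post['comment']) : '';
    if ($comment === '' || strlen($comment) > 500) {
        throw new InvalidArgumentException('comment: empty or too long');
    }
    // Dropdown: the browser can send any value, so check it against the allowlist.
    $size = $post['size'] ?? null;
    if (!in_array($size, ALLOWED_SIZES, true)) {
        throw new InvalidArgumentException('size: not an allowed option');
    }
    // Hidden field: editable client-side, so require a positive integer.
    $productId = filter_var($post['product_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($productId === false) {
        throw new InvalidArgumentException('product_id: not a positive integer');
    }
    return [':comment' => $comment, ':size' => $size, ':product_id' => $productId];
}

function saveOrder(PDO $db, array $params): void
{
    // Placeholders keep the data out of the SQL text; no manual escaping is needed.
    $db->prepare('INSERT INTO orders (comment, size, product_id)
                  VALUES (:comment, :size, :product_id)')->execute($params);
}

// Demo database (with MySQL only the DSN and credentials would differ).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE orders (comment TEXT, size TEXT, product_id INTEGER)');

// Constructed submissions: one honest, one with a tampered hidden field.
$submissions = [
    ['comment' => "It's a gift", 'size' => 'M', 'product_id' => '42'],
    ['comment' => 'hi', 'size' => 'M', 'product_id' => '42 OR 1=1'],
];
foreach ($submissions as $post) {
    try {
        saveOrder($db, validateOrder($post));
        echo "stored\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```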