  1. #1

    Sanitising input - what functions?

    I've used various methods before, but is there a useful reference or resource that lists when and how to use PHP functions for sanitising input?

    I know of strip_tags, stripslashes, trim, htmlentities, magic_quotes_gpc, mysql_real_escape_string.

    How should I use these, and for what data? Any others?


    Many thanks.

  2. #2
    Stormrider
    It really depends on what data you are expecting. If you have HTML input, for example, you don't want to strip_tags. I only use mysql_real_escape_string directly in queries; magic quotes I sort out at the beginning of a script...

    I often have regular expressions stored in constants, e.g. REGEX_INTEGER, REGEX_STRING, REGEX_EMAIL etc., and check input against these.

    htmlentities is best used for outputting the data again, not inputting it.
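
Added example, not part of either post: one way to lay out the approach in the reply above, checking input against regex constants on the way in and calling htmlentities only on the way out. The constant names come from the reply; the patterns, function names and sample data are assumptions, and the mysql_real_escape_string step is left out because it needs a live database connection.

```php
<?php
// Added example: constant names follow the reply above; the patterns,
// function names and sample data are assumptions made for illustration.
define('REGEX_INTEGER', '/\A-?\d{1,9}\z/');
define('REGEX_STRING', '/\A[\p{L}\p{N} .,\'-]{1,100}\z/u');
define('REGEX_EMAIL', '/\A[^@\s]+@[^@\s]+\.[^@\s]+\z/');

// Undo magic quotes once at the start of the script (PHP < 5.4 only).
function undo_magic_quotes(array $input)
{
    if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
        foreach ($input as $key => $value) {
            if (is_string($value)) { $input[$key] = stripslashes($value); }
        }
    }
    return $input;
}

// Check every expected field against its pattern; anything else is rejected.
function validate_input(array $input, array $rules)
{
    $clean = array();
    $errors = array();
    foreach ($rules as $field => $pattern) {
        // Missing or non-string values (e.g. name[]=x) never match.
        $value = (isset($input[$field]) && is_string($input[$field])) ? trim($input[$field]) : null;
        if ($value !== null && preg_match($pattern, $value) === 1) {
            $clean[$field] = $value;
        } else {
            $errors[] = $field;
        }
    }
    return array($clean, $errors);
}

// Encode when writing into HTML, not when the data arrives.
function html_out($value)
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample request; the name field carries markup.
$post = array('age' => ' 42 ', 'name' => "O'Brien <b>", 'email' => 'user@example.com');
$rules = array('age' => REGEX_INTEGER, 'name' => REGEX_STRING, 'email' => REGEX_EMAIL);
list($clean, $errors) = validate_input(undo_magic_quotes($post), $rules);
echo 'Rejected: ', html_out(implode(', ', $errors)), "\n";
foreach ($clean as $field => $value) {
    echo html_out($field), ' = ', html_out($value), "\n";
}
```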

