Re: Data sanitation for mysql queries. [message #179663 is a reply to message #179662] Fri, 16 November 2012 19:36
cph (Junior Member; Messages: 10; Registered: September 2012)
I am not asking about validation; that is a whole other topic. This is specifically about sanitation. The problem with real_escape_string is, from what I have read, that it's not good enough to prevent SQL injections.

On Friday, November 16, 2012 10:56:08 AM UTC-8, Jerry Stuckle wrote:
> On 11/16/2012 1:10 PM, cph wrote:
>
>> For sanitizing user input that will be part of a mysql query is addslashes() good enough to prevent mysql injection?
>
> Not at all. You need to validate the data, i.e. integer values are
> actually integers, dates are valid, etc. You can use bind parameters as
> Daniel indicated, or you can use mysql_real_escape_string() on strings.
> Numeric values, dates, etc. do not need further processing if they have
> been properly validated. But they need to be validated even if you're
> using bind parameters.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstucklex(at)attglobal(dot)net
> ==================
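As an added example (not code from the thread or from any of its posters), here is the validate-then-bind pattern Jerry describes, written against PHP's mysqli extension because the mysql_* functions named in the thread were removed in PHP 7. The `users` table with `id` and `email` columns, the connection details and the PHP 8 type syntax are assumptions made for the illustration.

```php
<?php
// Added example, not from the thread. Validate the type of each input first,
// then pass it to MySQL as a bound parameter so it never becomes SQL text.
// Assumes a mysqli connection and a hypothetical `users`(id, email) table.

declare(strict_types=1);

function findUserById(mysqli $db, mixed $rawId): ?array
{
    // Validation: an id must be a positive integer. FILTER_VALIDATE_INT returns
    // false for anything that is not a whole integer (e.g. "12abc", "1 OR 1=1").
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject invalid input instead of trying to "clean" it
    }

    // No string sanitation needed: the value is sent separately from the query.
    $stmt = $db->prepare('SELECT id, email FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
    $stmt->close();

    return $row ?: null;
}

function findUserByEmail(mysqli $db, string $rawEmail): ?array
{
    // Validate the shape of the value before it reaches the database layer.
    $email = filter_var($rawEmail, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }

    // Strings are bound the same way; quotes, backslashes and multibyte
    // sequences are handled by the driver, not by addslashes() in PHP code.
    $stmt = $db->prepare('SELECT id, email FROM users WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

// Only where a prepared statement is not an option: escape with the
// connection-aware function and still quote the result in the SQL text.
function escapedEmailLiteral(mysqli $db, string $email): string
{
    // mysqli::real_escape_string() knows the connection's character set;
    // addslashes() does not, which is why it is the weaker choice.
    return "'" . $db->real_escape_string($email) . "'";
}

// Constructed usage; the connection details are placeholders.
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4'); // set the charset on the connection itself
var_dump(findUserById($db, $_GET['id'] ?? ''));
var_dump(findUserByEmail($db, $_POST['email'] ?? ''));
```

The point the thread makes is preserved in the structure: validation (the `filter_var` checks) decides whether the value is acceptable at all, while the bound parameter keeps whatever is accepted out of the SQL string, so neither `addslashes()` nor any escaping function is involved in the main path.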