
Author PHP-Javascript
D. Mexis

2006-09-14, 3:57 am

Hello,

I build a site in php, javascript and mysql. What precautions can I take
so when the user types something nothing bad is gonna happen?
Either we are talking for PHP or Javascript?

I wouldn't like to let the user pass something like a DROP or DELETE
statement after ; character...

Any suggestion?
Peter Buzanits

2006-09-14, 7:57 am

Go to Google and search for "sql injection". Then you find a lot of
advice on how to avoid those things...

Peter


D. Mexis wrote:
> Hello,
>
> I build a site in php, javascript and mysql. What precautions can I take
> so when the user types something nothing bad is gonna happen?
> Either we are talking for PHP or Javascript?
>
> I wouldn't like to let the user pass something like a DROP or DELETE
> statement after ; character...
>
> Any suggestion?

D. Mexis

2006-09-16, 3:56 am

On Thu, 14 Sep 2006 13:48:33 +0200, Peter Buzanits wrote:
> Go to Google and search for "sql injection". Then you find a lot of
> advice on how to avoid those things...
>
> Peter
>
>
> D. Mexis wrote:

Ok, thank you for the tip.

Gleep

2006-09-18, 3:57 am

On Thu, 14 Sep 2006 09:23:49 +0300, "D. Mexis" <m65@vivodinet.gr> wrote:

>Hello,
>
>I build a site in php, javascript and mysql. What precautions can I take
>so when the user types something nothing bad is gonna happen?
>Either we are talking for PHP or Javascript?
>
>I wouldn't like to let the user pass something like a DROP or DELETE
>statement after ; character...
>
>Any suggestion?




the easiest thing you can do is ereg expression and only accept alphanumeric in your form fields
make sure magic quotes is on and the built in stripslashes will be fine
you can also use mysql_escape_string function however if you use that you could get double
backslashes when used with magic quotes.
validate validate validate everything and you will be fine
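
An added example, not part of any post in this thread: the functions named above no longer exist in current PHP (magic quotes were removed in PHP 5.4; `ereg` and `mysql_escape_string` in PHP 7.0), so this sketch shows allow-list validation with `preg_match`, the double-backslash effect of escaping twice, and a prepared statement that keeps user text out of the SQL string. It assumes PHP 7+ with the PDO SQLite driver so that it runs without a server; the `comments` table and all function names are hypothetical.

```php
<?php
// Added example. With MySQL only the PDO DSN changes; the binding is the same.

// 1. Allow-list validation with preg_match (the replacement for ereg).
function isValidUsername(string $s): bool
{
    return preg_match('/\A[A-Za-z0-9]{1,32}\z/', $s) === 1;
}

// 2. Magic quotes applied the equivalent of addslashes() to request data,
//    so escaping that data a second time doubles the backslashes.
function escapeTwice(string $s): string
{
    return addslashes(addslashes($s));
}

// 3. Prepared statement: values are sent separately from the SQL text,
//    so quotes and semicolons in them are stored as plain data.
function addComment(PDO $db, string $author, string $body): void
{
    if (!isValidUsername($author)) {
        throw new InvalidArgumentException('author must be alphanumeric');
    }
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (author TEXT, body TEXT)');

// Constructed sample input, including the kind of text the question worries about.
$samples = ["It's fine", "x'; DROP TABLE comments; --"];
foreach ($samples as $body) {
    addComment($db, 'alice', $body);
}

echo escapeTwice("It's"), "\n";             // shows the doubled escaping
foreach ($db->query('SELECT body FROM comments') as $row) {
    echo $row['body'], "\n";                // bodies come back unchanged
}
echo (int) $db->query('SELECT COUNT(*) FROM comments')->fetchColumn(), " rows\n";

try {
    addComment($db, "bob' OR '1'='1", 'hi'); // fails the allow-list check
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Validation in JavaScript can improve the form's usability, but the checks that protect the database have to run in PHP on the server, because the browser is under the user's control.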