splatcatballa99
01-09-2008, 04:34 PM
Have a function called security() and then run the supplied field through things like
function security($value) {
    $value_1 = htmlentities(mysql_real_escape_string($value));
    return $value_1;
}
Would that work? Also, are there any other forms of security you would recommend using?
debiannerd
01-09-2008, 08:35 PM
Have a function called security() and then run the supplied field through things like
function security($value) {
    $value_1 = htmlentities(mysql_real_escape_string($value));
    return $value_1;
}
Would that work? Also, are there any other forms of security you would recommend using?
http://blog.php-security.org/
save yourself one variable, re-use $value
cheers,
Xeentech
01-09-2008, 09:41 PM
http://blog.php-security.org/
save yourself one variable, re-use $value
cheers,
function security($value) {
return htmlentities(mysql_real_escape_string($value));
}
Or don't use any.
debiannerd
01-09-2008, 09:42 PM
function security($value) {
return htmlentities(mysql_real_escape_string($value));
}
Or don't use any.
;)
yeah but at this point, there is no need to have a function of one line :cool:
Xeentech
01-09-2008, 10:07 PM
;)
yeah but at this point, there is no need to have a function of one line :cool:
Only that htmlentities(mysql_real_escape_string()); is a lot to type if you're using it a lot. It would make it easier to maintain in the future, if you were to move platform or needed to strip something else, like adding a profanity filter.
Codebird
01-12-2008, 02:14 PM
Only that htmlentities(mysql_real_escape_string()); is a lot to type if you're using it a lot. It would make it easier to maintain in the future, if you were to move platform or needed to strip something else, like adding a profanity filter.
100% right
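
An added example, not part of the original thread: the security() function discussed above applies SQL escaping and HTML encoding in one step, while this sketch handles each in its own context, binding parameters when storing and encoding with htmlspecialchars() when rendering. The in-memory SQLite database (standing in for MySQL), the comments table, the helper names and the sample input are assumptions made for the illustration.

```php
<?php
// Added example. Assumptions: in-memory SQLite via PDO stands in for the
// MySQL database; table, helper names and sample input are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// SQL context: bind values as parameters so they are never parsed as SQL.
// The raw text is stored unchanged.
function save_comment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function load_comment(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HTML context: encode once, at the point the value is written into markup.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comment(?array $row): string
{
    if ($row === null) {
        return '<p>No such comment.</p>';
    }
    return '<p><strong>' . h($row['author']) . '</strong>: ' . h($row['body']) . '</p>';
}

// Constructed input carrying both SQL and HTML metacharacters.
$author = "O'Brien";
$body   = '<b>Tom & Jerry</b> said "hi"';

$row = load_comment($pdo, save_comment($pdo, $author, $body));
var_dump($row['body'] === $body);   // stored text equals the submitted text
echo render_comment($row), "\n";    // markup characters appear as entities

// Encoding before storage and again at output double-encodes the text.
var_dump(h(h($body)) === h($body));
```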