#1
PHP and mySql
Well I was chatting with some folks from phpfreaks.com.
They confirmed some good practices to protect your website.
1. Filter all content entered into the database.
2. Escape all content coming from the database.
So you can use mysql_real_escape_string() and stripslashes() to remove stuff that can mess up the query. Then you use htmlentities() to prevent users from entering PHP or other scripting languages and having that be executed. Html entities basically takes the strings and converts the characters into HTML code. If you use htmlentities when adding content to the MySQL table and decide later on to crop the text at a certain length, it will expose the HTML code because it will crop that too. Hope this helps someone starting out.
__________________
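An added example (not part of either post) of the cropping problem described in post #1: the text is stored as typed, cropped as raw text, and HTML-encoded only at display time, next to the encode-then-crop order for comparison. It swaps in a PDO prepared statement for mysql_real_escape_string(), which was removed in PHP 7, and an in-memory SQLite database for MySQL so it runs stand-alone; the table, sample comment and helper names are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with the
// pdo_sqlite and mbstring extensions; SQLite stands in for MySQL here.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input: a quote that would break a concatenated query,
// plus markup that must not reach the browser unencoded.
$input = "Tom's tip: use <b>bold</b> & \"quotes\" <script>alert(1)</script>";

// Write path: the bound parameter never becomes part of the SQL text, so the
// value is stored exactly as typed, with no manual escaping step.
$stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $input]);

$stored = (string) $pdo->query('SELECT body FROM comments WHERE id = 1')->fetchColumn();

// Output helper: encode for an HTML context at the moment of display.
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Crop the raw text first, then encode: every entity in the result is whole.
function excerpt(string $raw, int $chars): string
{
    return e(mb_substr($raw, 0, $chars, 'UTF-8'));
}

// The order post #1 warns about: encode first, crop second. The cut can land
// inside an entity and leave a fragment of it visible on the page.
function excerptEncodedFirst(string $raw, int $chars): string
{
    return mb_substr(e($raw), 0, $chars, 'UTF-8');
}

echo excerpt($stored, 22), PHP_EOL;             // cropped, then encoded
echo excerptEncodedFirst($stored, 22), PHP_EOL; // encoded, then cropped
```

Run it with the PHP command-line interpreter and compare the two printed lines: the second ends in a partial entity because the crop counted the characters of the encoded form.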
#2
Depending on your data, and what you're wanting to do with it, encoding the data to base64 also works.