This make user data safe? (PHP)

[Lakie]

Does this make user input reasonabely safe?

PHP Code:

function form_submit($key) {
    $key = htmlentities($key, ENT_QUOTES);
      if (get_magic_quotes_gpc()) { 
       $key = stripslashes($key); 
    }
      $key = mysql_real_escape_string(trim($key));
     $key = strip_tags($key);
    $key = str_replace("\r\n", "", $key);

//Smily stuff Removed
//BB Code stuff Removed
     return $key;
} 


[Scott]

to be honest I think you went a little overboard.

What kinda data are you trying to filter?

[Lakie]

Nothing out of the ordinary, im building up a sword database, basiclly the fields are things like Sword Name, Sword Smith, RRP, some varchar, some int, some text etc etc

There is a textarea down thebottom for added/general info...

The form does sit in the admin panel that only 1 other guy and myself have access too and i trust him not to screw things up, its more a case of better to be safe then sorry...

[IcIshoot]

I usually just use base64 encoding for saving general input to the database. That's all I would use in your case


$encodedText = base64_encode("Some text");


$decodedText = base64_decode($encodedText);


IcI

[JonM]

You've already done the work and that's pretty darn secure...i'd keep it like that .

[Lakie]

I actually havent put it in yet, i wanted to get the thing up then tweak it...

ici, i plan on making the data searchable, would it be using too much resources to encode the search strings aswell as the actual data?

[IcIshoot]

I don't know how that would work, since I haven't done any thing with searching. But it works pretty fast for babstats system....

babstats base64 encodes all the player names, yet you can still search them.

base64 may not be the best way. I am certainly not an expert in PHP lol