You are here: Re: [PHP] Avoiding SQL injections: htmlentities() ? « PHP « IT news, forums, messages
Re: [PHP] Avoiding SQL injections: htmlentities() ?

Posted by tg-php on 03/27/05 00:38

Actually I was just about to look into this again myself since I'm working on a project that I'd like to protect from SQL injections.

htmlentities() is a start, but that's not going to protect you from someone using apostrophes (single quotes) and breaking your SQL in other ways.

While some of the things you need to guard against aren't really security issues, there's still a handful of things you want to do to your data before you put that data into a SQL string.

So if I could broaden the question and ask, in general, what people recommend for pre-processing data before it goes into a SQL statement.. for security and for things like making sure singlequotes and other special characters are escaped properly?


htmlentities()
addslashes() (if magic quotes isn't turned on right?)

What else?

-TG

= = = Original message = = =

Hi,
Just a quick question, I have been reading a lot about SQL injection doing a
s**tload of damage to many sites, I myself use a pagentation class which
sends the page number from page to page in a $_GET['page'] request which
gets used in a LIMIT parameter.

>From what i have been reading, wrapping all my GET and POST requests in a
htmlentities() function should keep me safe....right? or what else should
i/can i do?

eg:
$page= htmlentities($_GET[page]);

Thanks,
Ryan



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.8.3 - Release Date: 3/25/2005

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


___________________________________________________________
Sent by ePrompter, the premier email notification software.
Free download at http://www.ePrompter.com.



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.8.3 - Release Date: 3/25/2005

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация