Re: [PHP] Avoiding SQL injections: htmlentities() ? — PHP

You are here: Re: [PHP] Avoiding SQL injections: htmlentities() ? « PHP « IT news, forums, messages

Posted by Chris Shiflett on 03/27/05 06:45

tg-php@gryffyndevelopment.com wrote:
> So if I could broaden the question and ask, in general, what people
> recommend for pre-processing data before it goes into a SQL
> statement.

For escaping, I recommend an escaping function specific to your
database. These exist for most popular databases. As a last resort, you
can escape with addslashes(), but only if your database doesn't have a
native escaping function and also escapes things like single and double
quotes with a backslash.

> htmlentities()

This is an escaping function for HTML, not SQL. For HTML, I think it's
the best. :-)

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

Navigation:

Next in forum: Re: [PHP] Avoiding SQL injections: htmlentities() ?
Prev in forum: Re: [PHP] Avoiding SQL injections: htmlentities() ?
Thread view: Re: [PHP] Avoiding SQL injections: htmlentities() ?

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация