My name is Sarah and this is my first post. I hope you don't think that I am a total idiot, but I am quite new to PHP and I am learning it in school.
I was wondering if someone could please give me a bit of advice about security. I have a simple form script that submits stuff to a database, and I just want to make sure that it's protected and no one can do any damage.
I have read a lot about security, but I am not sure if I am doing it right, so could someone please let me know if I have made any mistakes?
Basically, here is my code for a simple form, where people type in their email address and a funny joke, and the joke and the email address go to the database.
Please note, I am NOT validating the email address here, because it doesn't matter if a person puts in a real email address or a fake one.
What I need to know is: will this code stop any nasty stuff, or is there more I need to do?
Code:

    function check_input($data)
    {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data, ENT_QUOTES);
        return $data;
    }
    $email = mysql_real_escape_string($_POST['email']);
    $joke = mysql_real_escape_string($_POST['joke']);
    $email = check_input($email);
    $joke = check_input($joke);
    $sql="INSERT INTO vote_messages (email, msg) VALUES ('$email','$joke')";

Thank you so much to anyone who can advise a newbie.
Sarah
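
An added example, not part of the original post: in the posted order, `stripslashes()` runs after `mysql_real_escape_string()` and removes the backslashes it added, and `htmlspecialchars()` is an encoding for HTML output rather than for SQL. The sketch below shows that effect and then the usual alternative, a prepared statement for the insert with HTML encoding applied only at display time. The `posted_order()`, `save_joke()` and `render_joke()` names, the sample input and the in-memory SQLite database are assumptions made so the example runs without a MySQL server.

```php
<?php
// Added example. addslashes() stands in for mysql_real_escape_string(),
// which needs a live MySQL link and was removed in PHP 7.
function posted_order(string $data): string
{
    $data = addslashes($data);                    // escape for SQL ...
    $data = stripslashes(trim($data));            // ... then undo the escape
    return htmlspecialchars($data, ENT_QUOTES);   // HTML entities go into the DB
}

// Prepared statement: values travel as parameters, never as SQL text.
function save_joke(PDO $db, string $email, string $joke): void
{
    $stmt = $db->prepare(
        'INSERT INTO vote_messages (email, msg) VALUES (:email, :msg)'
    );
    $stmt->execute([':email' => trim($email), ':msg' => trim($joke)]);
}

// Encode for HTML only when the value is written into a page.
function render_joke(array $row): string
{
    return '<p>' . htmlspecialchars($row['msg'], ENT_QUOTES, 'UTF-8') . ' ('
         . htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8') . ')</p>';
}

// Constructed sample input: quotes, a backslash and markup.
$email = 'sarah@example.com';
$joke  = "It's a <b>C:\\temp</b> joke";

// The backslash is left unescaped and the quote becomes an HTML entity.
echo posted_order($joke), PHP_EOL;

// In-memory SQLite (assumption) so this runs without a server; for MySQL
// only the DSN and credentials passed to new PDO(...) change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE vote_messages (email TEXT, msg TEXT)');
save_joke($db, $email, $joke);

$row = $db->query('SELECT email, msg FROM vote_messages')->fetch(PDO::FETCH_ASSOC);
var_dump($row['msg'] === $joke);   // stored text is exactly what was typed
echo render_joke($row), PHP_EOL;   // encoded for placement in an HTML page
```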



