send data with more security

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

victor123
New php-forum User
Posts: 192
Joined: Mon Sep 06, 2004 1:23 am
Location: Madrid, Spain

Post by victor123 » Tue Aug 16, 2005 11:50 pm

Hi,

To avoid having that kind of problem, you should check that every value the user can enter corresponds to the data you are expecting (i.e. a numeric field has only numbers and such). That can be done with js, although it is not advisable to rely only on js.

Besides, using mysql_real_escape_string() for every post data to escape (i.e. put a slash before) certain characters will take control of SQL attacks as far as I know.

I use both js and mysql_real_escape_string(). Also, I check every query for the validity of the results (if I am expecting the query to return something and it doesn't return anything, I quit the application, for example).

Regards.

victor123
New php-forum User
Posts: 192
Joined: Mon Sep 06, 2004 1:23 am
Location: Madrid, Spain

Post by victor123 » Wed Aug 17, 2005 1:29 am

Well, there are many routines to check for fields. For example, you can use isNaN(field.value) to check whether it is a numeric value or not. I am not a js expert, so I suggest posting js problems in the appropriate forum.

Regards.
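
An added example, not part of the posts above: isNaN(field.value) converts the string with Number() first, so empty, whitespace-only, hex, exponent and signed inputs all count as numeric. The helper names, the 9-digit limit and the sample values are assumptions made for this illustration.

```javascript
// Added example (not from the thread): why isNaN(field.value) is too
// loose for a numeric form field, next to a strict digits-only check.

// The check suggested in the thread, wrapped in a hypothetical helper.
// isNaN() converts its argument with Number() before testing it.
function looseIsNumeric(value) {
  return !isNaN(value);
}

// Hypothetical strict check for an unsigned integer field such as a
// record id. Returns the parsed number, or null if the input is rejected.
function parseUnsignedInt(value, maxDigits = 9) {
  if (typeof value !== "string") return null;
  // ASCII digits only: no sign, whitespace, dot, exponent or 0x prefix.
  if (!/^[0-9]+$/.test(value)) return null;
  // At most 9 digits keeps the value below the signed 32-bit limit.
  if (value.length > maxDigits) return null;
  return Number(value);
}

// Inputs that the loose check accepts but the strict check rejects.
function disagreements(inputs) {
  return inputs.filter(
    (v) => looseIsNumeric(v) && parseUnsignedInt(v) === null
  );
}

// Constructed sample field values.
const samples = ["42", "007", "", "   ", "0x1A", "1e5", "-7", "3.14",
                 "Infinity", "42abc", "1234567890"];

for (const v of samples) {
  console.log(JSON.stringify(v), looseIsNumeric(v), parseUnsignedInt(v));
}
console.log("loose-only:", disagreements(samples));
```

The same digits-only rule has to be applied again in the PHP script that receives the form, since a request can be sent without running the page's js at all.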
