Is my security ok?

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: egami, macek, gesf

Post Reply
User avatar
Nullsig
php-forum Fan User
php-forum Fan User
Posts: 979
Joined: Thu Feb 17, 2011 6:52 am
Location: Racine, WI

Mon Sep 26, 2011 9:50 am

no it won't

You have the right idea but you call mysql_real_escape_string and then strip out all the slashes it just added.

You should remove the call for stripslashes. That will get you exactly where you want to go.

You also don't technically need the htmlspecialchars call but that's more of a personal preference.

User avatar
egami
php-forum GURU
php-forum GURU
Posts: 2192
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Mon Sep 26, 2011 10:03 am

This right here should do you the trick.

Code: Select all


$variable = trim(strip_tags(mysql_real_escape_string($_POST['variable'])));

 

Post Reply