I would like to get everyones opinions on what processes should be used to validating and protecting the input into your storage medium aka MySQL.
In particular listing possible php functions that hsould be run and maybe once we have a list we put them in order, from most to least important?

Note: they should be able to be encoded/decoded when retrieved also.

htmlentities() - html_entity_decode()
addslashes() - stripslashes()

Got the ball rolling now up to you guys :D

Thanks, Regards X

8 Years
Discussion Span
Last Post by OmniX


Yep, that's pretty much it for MySQL. That is the function, along with it's MySQLi counterpart; mysqli_real_escape_string.
It's also good to keep a look out for the magic_quotes feature, so that it doesn't double-escape the data.

Also, it's worth noting, that functions like htmlentities should not be used on data before it is put into the database. They should be applied when the data is on the way out. In the case of htmlentities, when you are printing it to the HTML page.
The data inside the database shouldn't be front-end specific. Meaning, it should be usable by multiple front-ends without any of them being aware of the others.


so just mysql_real_escape_string and that is it for MySQL?
What about other forms of validation for other mediums?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.