Best code to use to stop injections?



masterofollies
03-10-2009, 01:33 AM
In my contact us form, I want to prevent anyone from putting injection codes in the message they send. Would stripslashes be better? Or addslashes? Or what should I use?

Iszak
03-10-2009, 01:44 AM
Well, there are a number of preventive measures you can take. In regards to strip slashes and adding slashes, adding slashes is on by default, so you may want to check the gpc magic quotes setting. Another good method is to use strip_tags and htmlentities; this will rule out a lot of the easier attacks, and many rely solely on these methods. I doubt your form would be under massive threat, so I wouldn't go overkill, but it's up to you.
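
An added example, not part of the original thread: the functions named in the reply above (`stripslashes`, `strip_tags`, `htmlentities`) applied in order to a constructed message that will be shown in an HTML page. The names `undo_magic_quotes` and `clean_message` and the sample input are hypothetical.

```php
<?php
// Added example; function names and the sample message are constructed.

// Remove the backslashes that magic quotes added, but only when the setting
// is really on. get_magic_quotes_gpc() was removed in PHP 8, hence the
// function_exists() check; on those versions input arrives unescaped.
function undo_magic_quotes(string $value): string
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Prepare a submitted message for display inside an HTML page.
function clean_message(string $raw): string
{
    $text = undo_magic_quotes($raw);
    $text = trim(strip_tags($text)); // drop HTML/PHP tags, keep the text between them

    // Encode what is left so quotes, ampersands and stray angle brackets are
    // inert in HTML. ENT_SUBSTITUTE replaces invalid UTF-8 bytes; without it
    // htmlentities() returns an empty string for such input.
    return htmlentities($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission.
$sample = 'Hello <b>team</b>, <script>alert(1)</script> it\'s "urgent" & broken';

// addslashes() only backslash-escapes quotes, backslashes and NUL bytes;
// the markup in the message passes through unchanged.
echo "addslashes:    ", addslashes($sample), "\n";

// strip_tags() followed by htmlentities() removes the tags and encodes the rest.
echo "clean_message: ", clean_message($sample), "\n";
```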

rafiki
03-10-2009, 01:44 AM
Take a read of the manuals.
www.php.net/function.addslashes and www.php.net/function.stripslashes.
Also take a look at http://uk.php.net/manual/en/function.get-magic-quotes-gpc.php .
I think the last one has been wiped out in PHP 6 though so check your version.


Just beaten to it

masterofollies
03-10-2009, 03:33 AM
Ok so I guess I will leave it alone.

_Aerospace_Eng_
03-10-2009, 07:35 AM
I suggest you read this. It's cut down on spam severely when I implemented it into my contact forms.

http://www.phpbuilder.com/columns/ian_gilfillan20060412.php3


