  1. #1
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts

    Best code to use to stop injections?

    In my contact us form, I want to prevent anyone from putting injection code in the message they send. Would stripslashes be better, or addslashes? Or what should I use?

  • #2
    Regular Coder Iszak's Avatar
    Join Date
    Jun 2007
    Location
    Perth, Western Australia
    Posts
    332
    Thanks
    2
    Thanked 58 Times in 57 Posts
    Well, there are a number of precautions you can take. In regards to stripping slashes and adding slashes, adding slashes is on by default, so you may want to check the gpc magic quotes setting. Another good method is to use strip_tags and htmlentities; this will rule out a lot of the easier attacks, and many rely solely on these methods. I doubt your form would be under massive threat, so I wouldn't go overkill, but it's up to you.
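
An added example, not part of the original post: what strip_tags followed by htmlentities does to a contact-form message, next to what addslashes alone does. The function name `clean_contact_message`, the sample text, and the assumption that the message is later shown in an HTML page are all constructed for illustration.

```php
<?php
// Added illustration; the function name and the sample input are constructed.

/**
 * Prepare a contact-form message for display in an HTML page using the
 * two functions named in the reply above: strip_tags, then htmlentities.
 */
function clean_contact_message(string $raw): string
{
    // Remove HTML and PHP tags; the text between the tags is kept.
    $noTags = strip_tags($raw);

    // Encode the remaining special characters (&, <, >, and both quote
    // styles) so the browser renders them as text instead of markup.
    return htmlentities($noTags, ENT_QUOTES, 'UTF-8');
}

// Constructed sample submission containing markup, quotes and an ampersand.
$raw = 'Hi <b>there</b> <script>alert("x")</script> it\'s Tom & Co';

// addslashes only puts backslashes in front of quotes, backslashes and NUL
// bytes; every tag in the message is still present afterwards.
echo 'addslashes: ', addslashes($raw), "\n";

// strip_tags + htmlentities: tags are gone, special characters are encoded.
echo 'cleaned:    ', clean_contact_message($raw), "\n";
```

Running it shows that addslashes leaves the tags in the message untouched, which is why it does not help when the concern is markup in text that will be displayed as HTML.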

  • #3
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,043
    Thanks
    19
    Thanked 42 Times in 42 Posts
    Take a read of the manuals.
    www.php.net/function.addslashes and www.php.net/function.stripslashes.
    Also take a look at http://uk.php.net/manual/en/function...quotes-gpc.php .
    I think the last one has been wiped out in PHP 6 though so check your version.


    Edit: Just beaten to it

  • #4
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts
    Ok so I guess I will leave it alone.

  • #5
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    I suggest you read this. It's cut down on spam severely when I implemented it into my contact forms.

    http://www.phpbuilder.com/columns/ia...n20060412.php3
    ||||If you are getting paid to do a job, don't ask for help on it!||||

