Thread: is this too much sanitising?
12-13-2011, 09:10 AM #1
is this too much sanitising?
I was just wondering if I was being a little over the top.
With all POST variables, even the <select> posts, I am using this. I have set up a function so I do not have to code this on every post, but you will get my gist!
$name = trim(strip_tags(htmlentities($_POST["name"]))); // encode markup, strip tags, trim whitespace
$name_secure = mysql_real_escape_string($name);          // escape for the SQL string context
Or do I need to do more on the front of other hacks within form submission and URL injection etc.?
12-13-2011, 09:23 AM #2
All those functions perform different tasks, not all of them for security reasons.
trim removes whitespace, so it's an aesthetic function more than anything. strip_tags removes markup tags, for information you want displayed without HTML. htmlentities replaces markup characters (like < and >, for example) for displaying the HTML code as plain text, making the strip_tags after it redundant. mysql_real_escape_string escapes characters that break out of queries (like ') to prevent MySQL injection.
So to answer your question, it depends entirely on the effect you want on the input and output, although mysql_real_escape_string is essential for DB queries.
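As an added illustration (not code from either poster), this runs the original chain over one constructed input so each function's effect is visible, then shows the split the reply is pointing at: escape for the database when storing, encode for HTML when displaying. It assumes an open mysql_* connection, which mysql_real_escape_string needs.

```php
<?php
// Added example, not code from the thread. Walks the poster's chain over one
// constructed POST value, then shows the per-destination split the reply
// describes. Assumes an open mysql_* connection: without one,
// mysql_real_escape_string emits a warning and returns false.

function chain_from_post($raw)
{
    $steps = array();
    $steps['htmlentities'] = htmlentities($raw);                 // < > & become entities
    $steps['strip_tags']   = strip_tags($steps['htmlentities']); // nothing left to strip
    $steps['trim']         = trim($steps['strip_tags']);         // outer whitespace removed
    $steps['mysql_escape'] = mysql_real_escape_string($steps['trim']); // ' becomes \'
    return $steps;
}

// Storage layer: only the SQL string context needs escaping here.
function for_database($raw)
{
    return mysql_real_escape_string(trim($raw));
}

// Display layer: encode when the value is written into HTML, not before
// storage, so the database holds "O'Reilly" rather than "O&#039;Reilly"
// and a later display step does not double-encode it.
function for_html($raw)
{
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

$input = "  <b>O'Reilly</b> & Sons  ";   // constructed sample POST value
foreach (chain_from_post($input) as $fn => $value) {
    echo str_pad($fn, 13) . ": $value\n";
}
// SQL literal from the chain:  &lt;b&gt;O\'Reilly&lt;/b&gt; &amp; Sons  (entities persisted)
// SQL literal from for_database: <b>O\'Reilly</b> & Sons             (raw text, SQL-safe)
// Output from for_html($input):  &lt;b&gt;O&#039;Reilly&lt;/b&gt; &amp; Sons
```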