Best code to use to stop injections?

03-10-2009, 02:33 AM
In my contact us form, I want to prevent anyone from putting injection codes in the message they send. Would stripslashes be better? Or addslashes? Or what should I use?

03-10-2009, 02:44 AM
Well, there are a number of preventive steps you can take. In regards to stripping slashes and adding slashes, adding slashes is on by default, so you may want to check the gpc magic quotes setting. Another good method is to use strip_tags and htmlentities; this will rule out a lot of the easier attacks, and many rely solely on these methods. I doubt your form would be under massive threat, so I wouldn't go overkill, but it's up to you.

03-10-2009, 02:44 AM
Take a read of the manuals.
www.php.net/function.addslashes and www.php.net/function.stripslashes.
Also take a look at http://uk.php.net/manual/en/function.get-magic-quotes-gpc.php .
I think the last one has been wiped out in PHP 6 though so check your version.

Just beaten to it
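
An added example, not code from any poster in this thread: it runs one constructed contact-form message through the functions named above, so the effect of addslashes can be compared with strip_tags plus htmlentities. The helper names (raw_input_value, clean_message, render_message, compare_treatments) and the sample message are assumptions made for illustration.

```php
<?php
// Added example; helper names and the sample message are hypothetical.

// Undo magic_quotes_gpc escaping where it can still be active.
// The setting was removed in PHP 5.4 and get_magic_quotes_gpc() is gone in
// PHP 8, so the version guard keeps newer interpreters from calling it.
function raw_input_value($value)
{
    if (PHP_VERSION_ID < 50400 && function_exists('get_magic_quotes_gpc')
        && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

// What gets stored or mailed: the visitor's text with markup removed.
function clean_message($value)
{
    return trim(strip_tags(raw_input_value($value)));
}

// What gets echoed into an HTML page: encode at output time, quotes included.
function render_message($value)
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Side-by-side view of each treatment applied to the same input.
function compare_treatments($raw)
{
    return array(
        'untouched'               => $raw,
        // addslashes only backslash-escapes quotes; the tag stays intact.
        'addslashes'              => addslashes($raw),
        'strip_tags'              => clean_message($raw),
        'strip_tags+htmlentities' => render_message(clean_message($raw)),
    );
}

// Constructed sample submission.
$sample = "Hi <script>alert(1)</script> it's \"me\" & co";

foreach (compare_treatments($sample) as $label => $result) {
    echo str_pad($label, 26), $result, "\n";
}
```

The slash functions change only quote characters, while the HTML in the message is handled by strip_tags and by encoding when the text is displayed.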

03-10-2009, 04:33 AM
Ok so I guess I will leave it alone.

03-10-2009, 08:35 AM
I suggest you read this. It's cut down on spam severely when I implemented it into my contact forms.