I am creating an ad-type website where members fill out a form with information for their ad and then it is stored in a MySQL database where I can pull it up later. I don't have a ton of experience with PHP and MySQL and I only know of a few ways to sterilize the data from the form. The form uses POST. I know how to sterilize data with mysql_real_escape_string and preg_match. This works for most of my fields; however, I am looking into allowing people to include pictures and videos. So here are my questions:

1. In your opinion, would it be best to require the member to first upload the image/video onto a photo/video hosting website and then have them enter a link to the image/video, which I would then store and use later to embed the photo/video in the ad? (The advantage I can see to this would be that the photo/video hosting sites would make sure that the content was not harmful and it would save me money. The disadvantage I can see would be customers having to go to a different site to upload photos/videos for their ads.)

2. I'm not sure how to go about sterilizing the links to the videos/photos before storing them in my database. I don't want to allow someone to enter harmful content.

To show an example of the methods I know how to use when it comes to sterilizing data, here is an example of how I would sterilize a first name in the variable $firstname.


// Reject the first name unless it consists only of letters, hyphens and underscores
if (!preg_match('%^[-_a-z]+$%i', $firstname)) {
    die("You did not enter a valid first name.");
}


Sounds like you're thinking about hotlinking that URL to that content, is that true? If so, I advise against that for several reasons.

Yes, I would be hotlinking; I can't think of another way other than allowing the user to store their pictures on my website. And since I don't know how to make sure those photos/videos are safe to upload to my website, I don't want to allow users to do that. I am going to be allowing users to post lost/stolen and found horse ads among a few other types of ads, but pictures and videos are going to be required for my website to be of any decent use to the users.

What methods would you suggest?

Also thank you for the link to the other thread. I have started reading it and will look into those other ways of sterilizing data.

If you do it correctly, don't be so afraid of uploading. There are some good threads here on putting together a good uploader.

There are several reasons you don't want to hotlink. First of all, in my experience there are a lot of shared servers that block hotlinking; also, the site owner (unless that is you) could block any hotlinking. Also, if the site is not yours and that other site goes down, then all your stuff is gone and you will spend eternity fixing all the links.

In my opinion hotlinking is just a bad idea.

I would suggest you put together a good uploader and just host the data yourself.
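As an added example (not code from this thread), here is one way to build the validation part of such an uploader in PHP: it sniffs the real content type instead of trusting the browser, confirms the bytes actually parse as an image, and gives the file a random server-chosen name. The form field name "photo", the 2 MB limit and the directory /var/www/uploads-private are assumptions.

```php
<?php
// Added example, not from the thread. Assumes the Fileinfo extension is enabled
// and that $uploadDir is a directory outside the web root.

function store_uploaded_image(array $file, string $uploadDir): string
{
    // Reject anything PHP itself flagged (partial upload, size limit, no file).
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file was sent.');
    }
    // Use the server-side size; the browser's claims are not trusted.
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('Image larger than 2 MB.');
    }
    // Sniff the real content type; $file['type'] comes from the client and is ignored.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('Only JPEG, PNG and GIF images are accepted.');
    }
    // Second, independent check that the bytes decode as an image.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('File is not a valid image.');
    }
    // Never reuse the user-supplied filename: generate one and derive the
    // extension from the sniffed type, so double extensions and path characters
    // from the client never reach the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    // move_uploaded_file() refuses files that did not arrive via HTTP POST.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not save the image.');
    }
    return $name; // store this name in MySQL with a prepared statement
}

// Usage in the form handler (assumed field name "photo"):
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['photo'])) {
    try {
        $stored = store_uploaded_image($_FILES['photo'], '/var/www/uploads-private');
        echo 'Saved as ' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```

Because the files live outside the web root, serve them through a small read-only script (or a separate static host) rather than letting the web server execute anything in the upload directory.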