Results 1 to 4 of 4
  1. #1
    Join Date
    Feb 2008
    Posts
    8

    Unanswered: Input on a simple data security check function please.

    So I was reading some articles on securely programming for php and I came across the:

    mysql_real_escape_string

    function. It's most likely me not understanding how to use the function, but I couldn't figure out how to work with it in the way I found was simple.

    I take all my form input and push it into an array. I wanted to check to make sure there where no "dangerous" characters so I wrote a simple function:

    function InputCheck($input){

    $badchars = "[;|=|'|\"|?|*]";

    if(!ereg($badchars, $input)){
    return TRUE;
    }else{
    return FALSE;
    }
    }

    so I can take my array of values and run it through a function:

    foreach($Input as $CleanValue){
    if(!InputCheck($CleanValue))$StopProcess = TRUE;
    }

    This way I can test in a quick and simple way, and set a flag value perform some action later.

    Is there a simple way to use the mysql_real_escape_string function in a manor that I'm looking for?

    Thanks,
    Steve

  2. #2
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    the function modifires the sourcer string (well returns a modified form of the source string that is safe.. it doens't do wshat you want....

    I suppose the argument is do you want to stop anything that is suspect or make it safe?

    I'd alos have a look at the other similar sort of funtions such as htmlentities

  3. #3
    Join Date
    Feb 2008
    Posts
    8
    I would like to block any input strings that have dangerous characters in them and toss a flag so I can stop query execution.

  4. #4
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    in which case either write your own function or do a comparison after running the relevant function to see if hte function replaced anything

    if they are different then you know there was a problem

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •