need help with safety of input from html form


jake7338
07-03-2006, 10:25 PM
I am a new programmer... I have a form on my site where people can input data via an HTML form, and then I put it in a MySQL db.

What is normal safety practice to filter this input? Please help.

For example, in HTML code like this:
<input type="text" name="phone" value="" size="12">

Thanks,
--jake

Paul M
07-04-2006, 01:24 AM
Are you referring to vBulletin or just in general, as vB has some built-in functions to do it?

jake7338
07-04-2006, 02:02 AM
I meant just in general. However, I would like to implement some general vB stuff on this page. So could you tell me both? What are the include statements for the vB stuff?

Thanks,
--jake

sabret00the
07-04-2006, 11:28 AM
Check out escape_string http://dev.mysql.com/doc/refman/5.0/en/mysql-escape-string.html

Also check out functions like is_numeric(), is_string(), intval(), preg_match(), eregi()
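
Added example (not part of any post in this thread): validating the `phone` field from the form above with `preg_match()` and storing it through a bound parameter. It uses a PDO prepared statement in place of the escaping function linked above; the `contacts` table, the accepted phone format, the `clean_phone()` helper and the in-memory SQLite stand-in for MySQL are all assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Table name, column name and the
// accepted phone format are assumptions for illustration.

// Allow-list validation: digits plus common separators only, then
// normalise to digits. Returns null when the input is not acceptable.
function clean_phone($raw): ?string
{
    if (!is_string($raw)) {            // e.g. phone[]=x arrives as an array
        return null;
    }
    $raw = trim($raw);
    // Anchored at both ends so the whole value must match the allow-list.
    if (!preg_match('/\A[0-9 ()+.-]{7,20}\z/', $raw)) {
        return null;
    }
    $digits = preg_replace('/[^0-9]/', '', $raw);
    $len = strlen($digits);
    return ($len >= 7 && $len <= 15) ? $digits : null;
}

// In-memory SQLite stands in for MySQL so the script runs without a server;
// with MySQL only the DSN (plus user and password) changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, phone TEXT NOT NULL)');

// The value is bound as a parameter, never concatenated into the SQL text.
$insert = $db->prepare('INSERT INTO contacts (phone) VALUES (:phone)');

// Constructed sample submissions, standing in for $_POST['phone'].
$samples = ['555-867-5309', '(555) 867 5309', "555' OR '1'='1", ['x'], ''];

foreach ($samples as $raw) {
    $phone = clean_phone($raw);
    if ($phone === null) {
        echo "rejected: ", json_encode($raw), "\n";
        continue;
    }
    $insert->execute([':phone' => $phone]);
    echo "stored:   ", $phone, "\n";
}

// Escape on output too: stored data is still untrusted when echoed into HTML.
foreach ($db->query('SELECT phone FROM contacts') as $row) {
    echo htmlspecialchars($row['phone'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

The first two samples are stored as `5558675309`; the quoted string, the array and the empty value are rejected before any SQL runs.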