#1
    I have a site running with PHP3 and MySQL on the back end.

    There is an HTML form driving a set of search and update queries.

    For checkbox and radio button input, it's easy enough to obscure the input so that no damage can easily be done during the query.

    However, I was asked to add a text search field (i.e., Name contains _____).

    This field (call it searchstring) seems to work fine generally, but I am concerned about exposure and properly validating the user's input. In one case, the field is used to update data and provides an opportunity for the user to insert something like:

    Odonnell'delete * from employee;' which may have unpleasant effects on my database.

    Where can I find reliable information on protecting my site from unexpected user input? I have seen a few comments in this forum about handling ticks in user input, etc. but nothing comprehensive on the subject.

    Thanks,

    Jim
  2. #2
    Check addslashes() and the magic_quotes directives.
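
How the escaping named in the reply applies to the search and update queries from the question, as an added example that is not part of either post. The table and column names (`employee`, `name`, `id`) and the helper function names are assumptions; the input is the string quoted in the question.

```php
<?php
// Added example. Table/column names (employee, name, id) and the helper
// names below are assumptions; the sample input is the string from the question.

// If magic_quotes_gpc already escaped the request data, undo it so the
// value is escaped exactly once (double escaping stores stray backslashes).
function raw_value($value) {
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Quote a value for use as a MySQL string literal.
function sql_literal($value) {
    return "'" . addslashes($value) . "'";
}

// Quote a value for "name contains ...": make \, % and _ literal for LIKE
// first (backslash first, so the added backslashes are not doubled again),
// then apply the string-literal escaping.
function sql_like_contains($value) {
    $like = str_replace(array('\\', '%', '_'), array('\\\\', '\\%', '\\_'), $value);
    return "'%" . addslashes($like) . "%'";
}

$searchstring = raw_value("Odonnell'delete * from employee;'"); // from the question
$id = intval("42"); // constructed; numeric fields are cast, not quoted

$select = "SELECT * FROM employee WHERE name LIKE " . sql_like_contains($searchstring);
$update = "UPDATE employee SET name = " . sql_literal($searchstring) . " WHERE id = " . $id;

echo $select, "\n", $update, "\n";
```

Both quotes in the input arrive as `\'` inside the literal, so the whole string is treated as data in either statement. addslashes() works on bytes, so this assumes a single-byte connection character set.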
