Security and Cryptography
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me

The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.

Go Back   Dev Shed ForumsSystem AdministrationSecurity and Cryptography
Reload this Page

Filtering user input for database queries


Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old July 4th, 2001, 03:55 PM
JMM JMM is offline
Contributing User
Dev Shed Novice (500 - 999 posts)
  
Join Date: Feb 2001
Location: USA
Posts: 830 JMM User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 3 h 17 m 56 sec
Reputation Power: 13
Filtering user input for database queries
Hi,

I'm currently programming a site with a lot of instances of user input being used in queries to a mySQL database via PHP. I know that I need to filter or validate the user input, but what should I be looking for? I don't have a complete understanding of it, but I have seen mention of certain words - e.g. DROP, TRUNCATE - that should not make their way into a query, so do I need to literally and explicitly screen the user input for those and other specific words? It seems like there should be a more general solution...
Reply With Quote
  #2  
Old July 4th, 2001, 05:42 PM
freebsd freebsd is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jan 2001
Posts: 5 freebsd User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Delete this message and repost it to PHP forum for best answers.

Anyway, you first need to ask yourself what value do you expect for each field. Alphabetical? Numerical? How many characters?

You don't screen user input, your script validates it after the form submittion.
Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationSecurity and Cryptography > Filtering user input for database queries

« Previous Thread | Next Thread »

Developer Shed Advertisers and Affiliates



Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap