#1

    Filtering user input for database queries


    Hi,

    I'm currently programming a site with a lot of instances of user input being used in queries to a MySQL database via PHP. I know that I need to filter or validate the user input, but what should I be looking for? I don't have a complete understanding of it, but I have seen mention of certain words - e.g. DROP, TRUNCATE - that should not make their way into a query, so do I need to literally and explicitly screen the user input for those and other specific words? It seems like there should be a more general solution...
#2
    Delete this message and repost it to PHP forum for best answers.

    Anyway, you first need to ask yourself what value do you expect for each field. Alphabetical? Numerical? How many characters?

    You don't screen user input; your script validates it after the form submission.
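
An added example (not part of either post) of the per-field approach the reply describes: each field is checked against the type and length it is expected to have. It goes beyond the reply by then passing accepted values to the query as bound parameters. Field names, rules, the table and the sample submissions are constructed, and SQLite in memory stands in for MySQL so the script runs offline.

```php
<?php
// Hypothetical per-field rules: expected character set and maximum length in bytes.
const RULES = [
    'username' => ['pattern' => '/\A[A-Za-z][A-Za-z0-9_]*\z/', 'max' => 20],
    'age'      => ['pattern' => '/\A[0-9]{1,3}\z/', 'max' => 3],
    'comment'  => ['pattern' => '/\A[^\x00-\x08\x0B\x0C\x0E-\x1F]*\z/', 'max' => 200],
];

// Returns [accepted values, errors keyed by field]; no keyword list is involved.
function validate(array $input): array
{
    $clean = $errors = [];
    foreach (RULES as $field => $rule) {
        $value = $input[$field] ?? null;
        if (!is_string($value)) {
            $errors[$field] = 'missing or not a string';
        } elseif (strlen($value) > $rule['max']) {
            $errors[$field] = 'too long';
        } elseif (preg_match($rule['pattern'], $value) !== 1) {
            $errors[$field] = 'unexpected characters';
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// Assumption: in-memory SQLite through PDO; a mysql: DSN takes the same calls.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (username TEXT, age INTEGER, comment TEXT)');

// Constructed submissions, shaped like $_POST (every value arrives as a string).
$submissions = [
    ['username' => 'alice', 'age' => '34', 'comment' => "It's a nice site"],
    ['username' => "x'; DROP TABLE comments; --", 'age' => '34', 'comment' => 'hi'],
    ['username' => 'bob', 'age' => 'thirty', 'comment' => 'hi'],
];

// Values are bound to placeholders, never concatenated into the SQL text.
$insert = $pdo->prepare('INSERT INTO comments (username, age, comment) VALUES (?, ?, ?)');
foreach ($submissions as $post) {
    [$clean, $errors] = validate($post);
    if ($errors) {
        echo 'rejected: ', json_encode($errors), "\n";
        continue;
    }
    $insert->execute([$clean['username'], (int) $clean['age'], $clean['comment']]);
    echo "stored: {$clean['username']}\n";
}
echo $pdo->query('SELECT COUNT(*) FROM comments')->fetchColumn(), " row(s) stored\n";
```

The first submission's comment contains an apostrophe and is still stored intact, because the free-text field is length-checked and bound rather than screened for particular characters or words.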
