Filtering user input for database queries

#1 Contributing User (Devshed Novice, 500 - 999 posts), joined Feb 2001


    I'm currently programming a site with a lot of instances of user input being used in queries to a MySQL database via PHP. I know that I need to filter or validate the user input, but what should I be looking for? I don't have a complete understanding of it, but I have seen mention of certain words - e.g. DROP, TRUNCATE - that should not make their way into a query, so do I need to literally and explicitly screen the user input for those and other specific words? It seems like there should be a more general solution...
#2 Contributing User (Devshed Newbie, 0 - 499 posts), joined Jan 2001

    Delete this message and repost it to the PHP forum for best answers.

    Anyway, you first need to ask yourself what value do you expect for each field. Alphabetical? Numerical? How many characters?

    You don't screen user input; your script validates it after the form submission.
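As an added example (not code from either poster), the following PHP shows the approach the reply describes: each field is checked against the shape it is expected to have (an alphanumeric username, an integer age in a range), and the validated values are then sent to MySQL as bound parameters through PDO so they are never parsed as SQL, which makes keyword blacklists like DROP/TRUNCATE unnecessary. The DSN, credentials, table and column names are assumptions.

```php
<?php
// Added example, not from the thread. Describe what each field is allowed to
// look like instead of hunting for "bad words" in the input.
$rules = [
    'username' => ['pattern' => '/^[A-Za-z0-9_]{3,20}$/'],   // letters, digits, underscore only
    'age'      => ['int' => [13, 120]],                       // integer within a sane range
];

// Returns [cleanValues, errorMessages]; anything not matching its rule is rejected.
function validate(array $input, array $rules): array
{
    $clean = [];
    $errors = [];
    foreach ($rules as $field => $rule) {
        $value = $input[$field] ?? null;
        if (isset($rule['pattern'])) {
            // A value containing quotes, spaces or SQL keywords simply fails the pattern.
            if (is_string($value) && preg_match($rule['pattern'], $value) === 1) {
                $clean[$field] = $value;
            } else {
                $errors[] = "$field: must match " . $rule['pattern'];
            }
        } elseif (isset($rule['int'])) {
            [$min, $max] = $rule['int'];
            $n = filter_var($value, FILTER_VALIDATE_INT,
                ['options' => ['min_range' => $min, 'max_range' => $max]]);
            if ($n === false) {
                $errors[] = "$field: must be an integer between $min and $max";
            } else {
                $clean[$field] = $n;   // now a real int, not a string
            }
        }
    }
    return [$clean, $errors];
}

[$clean, $errors] = validate($_POST, $rules);
if ($errors) {
    http_response_code(400);
    exit(implode("\n", $errors));
}

// Even validated values are bound as parameters, never concatenated into the SQL text.
// DSN, credentials, table and column names are assumed for the example.
$pdo = new PDO('mysql:host=localhost;dbname=site;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
]);
$stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :username AND age >= :age');
$stmt->bindValue(':username', $clean['username'], PDO::PARAM_STR);
$stmt->bindValue(':age', $clean['age'], PDO::PARAM_INT);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
```

Validation answers "is this the kind of value I expect?" and the bound parameters answer "can this value change the query's structure?"; both checks are needed, and neither involves scanning for specific words.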
