mysql_escape_string() is what you're looking for.
Jed
Sebastian wrote:
Just a question: what is the best way to sanitize your scripts when you're using $_GET or $_REQUEST in a query?
E.g., I usually just do:

    if (is_numeric($_REQUEST['id'])) {
        mysql_query("SELECT id FROM table WHERE id=".intval($_REQUEST['id'])."");
    }

What about when the GET is text? Just use htmlspecialchars? Just looking for some advice to help keep my apps secure.
Cheers
--
Jed Smith, Code Monkey
jed@xxxxxx | jed@xxxxxxx
+1 541 606-4145
Signed mail preferred (PGP 0x703F9124)
http://personal.jed.bz/keys/jedsmith.asc

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
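
The text-parameter case asked about in this thread, as an added example that is not part of either message: it uses a PDO prepared statement with a bound parameter instead of the mysql_* functions named above, and keeps htmlspecialchars() for HTML output only. The `items` table, its rows, the `findByName()` helper and the sample inputs are constructed for illustration; it assumes the pdo_sqlite extension so it runs offline, and the same prepare/execute calls work with PDO's MySQL driver.

```php
<?php
// Added example: constructed table and rows in an in-memory SQLite database.
// Assumption: the pdo_sqlite extension is available.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO items (name) VALUES ('widget'), ('O''Brien'), ('gadget')");

// Hypothetical helper: look up rows by a text value taken from the request.
function findByName(PDO $db, $name): array
{
    // Reject non-string input such as ?name[]=x, which PHP delivers as an array,
    // and bound the length before the value goes anywhere near the database.
    if (!is_string($name) || $name === '' || strlen($name) > 64) {
        return [];
    }
    // The value travels as a bound parameter, never as part of the SQL text,
    // so quote characters in it cannot change the structure of the query.
    $stmt = $db->prepare('SELECT id, name FROM items WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['name'].
$samples = ["widget", "O'Brien", "no such 'name'", ['array']];
foreach ($samples as $input) {
    $rows  = findByName($db, $input);
    $label = is_string($input) ? $input : '(array)';
    // htmlspecialchars() is applied here, when the value is written into a page,
    // because it encodes for HTML and does nothing to make a value safe for SQL.
    printf("%s => %d row(s)\n", htmlspecialchars($label, ENT_QUOTES, 'UTF-8'), count($rows));
}
```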