Fwd: SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE

One more thing, should I use @ for security purposes or not, so that the user
can reply to me with the errors so that I can troubleshoot the problem more
effectively?


Sumit

---------- Forwarded message ----------
From: Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, May 21, 2009 at 6:36 PM
Subject: Re:  SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE
To: Sumit Sharma <sumitphp5@xxxxxxxxx>
Cc: php-general@xxxxxxxxxxxxx


On Thu, 2009-05-21 at 18:22 +0530, Sumit Sharma wrote:
> Hi,
>
> I am designing a php website for my client which interacts with database.
> This is my first project for any client (I hope he is not reading this mail
> ;-)  ). I am a bit more concerned with database security. Can somebody shed
> some light on the security measurements, precautions, and functions related
> to database security in general to make sure that the data is safely stored,
> updated and retrieved from database. I have already used htmlentities(),
> strip_tags(), addhashes(), and some regular expressions to check security.
> Looking for help beyond this.
>
>
> Thanks in advance...
> Sumit

I'd advise using something like mysql_real_escape_string() (assuming you
are using a MySQL database, that is) on each variable of data before you
insert it into the database. You could go further and validate specific
data, so check that a field in which you expect a number only contains a
number, etc.


Ash
www.ashleysheridan.co.uk
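
The points raised in this thread (validate each field, keep submitted data from altering the SQL, and how to handle errors instead of hiding them with @), as an added example that is not code from any poster in the thread. It uses PDO prepared statements in place of mysql_real_escape_string(), which was removed in PHP 7.0, and assumes the pdo_sqlite extension is enabled; the orders table, field names and sample inputs are constructed.

```php
<?php
// Added example; table, field names and sample input are constructed.
// Log every error, show none to the visitor, and do not hide them with @.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

function validate_order(array $in): array
{
    // A field expected to hold a number must contain only a number.
    $qty = filter_var($in['quantity'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 1000]]);
    if ($qty === false) {
        throw new InvalidArgumentException('quantity must be a whole number from 1 to 1000');
    }
    $name = trim((string)($in['name'] ?? ''));
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('name must be 1 to 100 bytes long');
    }
    return ['name' => $name, 'quantity' => $qty];
}

function save_order(PDO $db, array $in): int
{
    $row = validate_order($in);
    // Bound parameters travel separately from the SQL text, so quotes in the data stay data.
    $stmt = $db->prepare('INSERT INTO orders (name, quantity) VALUES (:name, :quantity)');
    $stmt->bindValue(':name', $row['name'], PDO::PARAM_STR);
    $stmt->bindValue(':quantity', $row['quantity'], PDO::PARAM_INT);
    $stmt->execute();
    return (int)$db->lastInsertId();
}

$db = new PDO('sqlite::memory:'); // in-memory database so the example runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, name TEXT NOT NULL, quantity INTEGER NOT NULL)');

$samples = [ // constructed form submissions
    ['name' => "O'Brien", 'quantity' => '10'],
    ['name' => 'Gadget', 'quantity' => '5 apples'],
];
foreach ($samples as $in) {
    try {
        echo 'stored row ', save_order($db, $in), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n"; // safe to show the visitor
    } catch (PDOException $e) {
        error_log('database error: ' . $e->getMessage()); // detail goes to the log only
        echo "Sorry, the order could not be saved.\n";
    }
}
```

The first submission is stored with its apostrophe intact and the second is rejected before any SQL runs. htmlentities() belongs at the point where stored values are printed into HTML, not before the insert.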
