One more thing: should I use @ for security purposes or not, so that the user can reply to me with the errors and I can troubleshoot the problem more effectively?

Sumit

---------- Forwarded message ----------
From: Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, May 21, 2009 at 6:36 PM
Subject: Re: SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE
To: Sumit Sharma <sumitphp5@xxxxxxxxx>
Cc: php-general@xxxxxxxxxxxxx

On Thu, 2009-05-21 at 18:22 +0530, Sumit Sharma wrote:
> Hi,
>
> I am designing a PHP website for my client which interacts with a database.
> This is my first project for any client (I hope he is not reading this mail
> ;-) ). I am a bit more concerned with database security. Can somebody shed
> some light on the security measures, precautions, and functions related
> to database security in general to make sure that the data is safely stored,
> updated and retrieved from the database? I have already used htmlentities(),
> strip_tags(), addslashes(), and some regular expressions to check security.
> Looking for help beyond this.
>
> Thanks in advance...
> Sumit

I'd advise using something like mysql_real_escape_string() (assuming you are using a MySQL database, that is) on each variable of data before you insert it into the database. You could go further and validate specific data, so check that a field which you expect to be a number only contains a number, etc.

Ash
www.ashleysheridan.co.uk
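Worked example of Ash's two recommendations (validate typed fields, escape the rest before the INSERT), added here and not code from the thread: it uses mysqli_real_escape_string(), the mysqli counterpart of the mysql_real_escape_string() named above. The table and column names, the credentials and the connection charset are assumptions.

```php
<?php
// Added example, not from the thread. Assumes a mysqli connection and a
// table `users` with columns `name` (text) and `age` (int); those names,
// the credentials and the charset below are made up for the example.

function validate_age(string $raw): ?int {
    // A field expected to be a number must contain only a number: accept
    // one to three digits, then range-check the value. Anything else is null.
    if (!preg_match('/^\d{1,3}$/', $raw)) {
        return null;
    }
    $age = (int) $raw;
    return ($age >= 0 && $age <= 150) ? $age : null;
}

function insert_user(mysqli $db, string $name, string $rawAge): bool {
    $age = validate_age($rawAge);
    if ($age === null) {
        // Fail closed: refuse an invalid value rather than trying to "clean" it.
        return false;
    }
    // Free-text field: escape with the connection-aware escaper so the
    // escaping matches the charset the server will use to parse the bytes.
    $safeName = mysqli_real_escape_string($db, $name);
    // $age is an already-validated integer, so it is embedded as a number.
    $sql = "INSERT INTO users (name, age) VALUES ('$safeName', $age)";
    return mysqli_query($db, $sql) === true;
}

$db = mysqli_connect('localhost', 'app', 'secret', 'appdb');
if (!$db) {
    exit('connection failed: ' . mysqli_connect_error());
}
// Set the charset on the connection itself; escaping is only correct when
// the escaper and the server agree on the encoding.
mysqli_set_charset($db, 'utf8mb4');

var_dump(insert_user($db, "O'Brien", "42"));     // quote escaped, row inserted
var_dump(insert_user($db, "O'Brien", "forty"));  // rejected by validate_age()
```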