How do I:

ruffilb

Diamond Member
Feb 6, 2005
Never done this sort of thing before, but I'm going to need to in the future.

Can anyone help?
 

Appledrop

Platinum Member
Aug 25, 2004
And make sure you defeat SQL injection, either by making a whitelist of alphanumeric characters (so no quotes, etc.) and/or by using addslashes/stripslashes or similar functions.
 

tfinch2

Lifer
Feb 3, 2004
Originally posted by: Azzith
And make sure you defeat SQL injection, either by making a whitelist of alphanumeric characters (so no quotes, etc.) and/or by using addslashes/stripslashes or similar functions.

Yep, forgot about that.

VALIDATE YOUR INPUT
 

cleverhandle

Diamond Member
Dec 17, 2001
You've got two major issues. The first is connection security if there are passwords or other sensitive information being entered. For that you'll want SSL on the webserver. That's pretty easy, and there's nothing database-specific about it.

The second, probably more important, issue is input validation. You need to make sure that your SQL server is not interpreting what's supposed to be data as an SQL command instead ("SQL injection"). That opens you up to all kinds of nasty possibilities. Most languages have functions to help you with that (like PHP's stripslashes). But I would highly recommend looking at add-on libraries like PHP's PEAR routines to do this for you. They work at a slightly higher level than the native PHP commands and are a bit smarter at doing what you expect them to do.
 

clamum

Lifer
Feb 13, 2003
Sort of a side note to this, but related:

I'm taking customer information (name, addy, etc) and information about vehicles (make, model, year, price, description) and inserting that into a database. I suspect it won't get abused a great deal since the customer must go through a payment process before the information is sent to the MySQL database. Regardless, the information they submit still needs to be checked.

I've been looking at several PHP functions that aid in the safetying of data before it is entered into a MySQL database. Functions like addslashes, stripslashes, mysql_real_escape_string, and strip_tags. My question is this: What are the recommended functions to send the data to before saving it in the database? So far, while testing, I have just been using mysql_real_escape_string. But I am not sure of whether or not I need to use additional functions. Any suggestions?
 
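As an added example that is not part of this thread, here is the validate-then-parameterize pattern for the customer and vehicle fields clamum describes, written in PHP with PDO prepared statements so that a quote inside the submitted data stays data instead of becoming SQL syntax. The table layout, field names, validation ranges and the in-memory SQLite DSN are assumptions made for illustration; against MySQL only the DSN changes.

```php
<?php
// Added example (not from the thread): validate the form fields, then insert
// them with a prepared statement so a quote inside the data is never parsed
// as SQL. Uses PDO with an in-memory SQLite database so it runs offline; in
// production the DSN would be mysql:host=...;dbname=... instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE vehicles (customer TEXT NOT NULL, make TEXT NOT NULL,
    model TEXT NOT NULL, year INTEGER NOT NULL, price REAL NOT NULL, description TEXT)');

// Whitelist-style validation: reject anything outside the expected shape.
function validate_listing(array $in): array
{
    $year = filter_var($in['year'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1900, 'max_range' => 2100]]);
    $price = filter_var($in['price'] ?? '', FILTER_VALIDATE_FLOAT);
    if ($year === false || $price === false || $price < 0) {
        throw new InvalidArgumentException('bad year or price');
    }
    foreach (['customer', 'make', 'model'] as $f) {
        // Letters, digits, spaces and a few punctuation marks, length-capped.
        if (!preg_match("/^[\\p{L}\\d .,'&-]{1,80}$/u", $in[$f] ?? '')) {
            throw new InvalidArgumentException("bad $f");
        }
    }
    $desc = mb_substr(strip_tags($in['description'] ?? ''), 0, 1000);
    return ['customer' => $in['customer'], 'make' => $in['make'], 'model' => $in['model'],
            'year' => $year, 'price' => $price, 'description' => $desc];
}

// Values are bound as parameters, so the apostrophe in O'Brien is data, not syntax.
function insert_listing(PDO $db, array $row): int
{
    $stmt = $db->prepare('INSERT INTO vehicles (customer, make, model, year, price, description)
        VALUES (:customer, :make, :model, :year, :price, :description)');
    $stmt->execute($row);
    return (int) $db->lastInsertId();
}

// Constructed sample submission; note the quote in the name and the HTML tag.
$form = ['customer' => "Mary O'Brien", 'make' => 'Honda', 'model' => 'Civic',
         'year' => '2003', 'price' => '4500.00', 'description' => 'One owner, <b>clean</b> title'];
insert_listing($db, validate_listing($form));
print_r($db->query('SELECT customer, year, description FROM vehicles')->fetch(PDO::FETCH_ASSOC));
// Contrast: the same name spliced into the SQL text breaks the statement.
try {
    $db->query("SELECT * FROM vehicles WHERE customer = '{$form['customer']}'");
} catch (PDOException $e) {
    echo "string-built query failed: ", $e->getMessage(), "\n";
}
```

The stored row comes back with the apostrophe intact and the tag stripped, while the string-built query fails to parse, which is the failure mode escaping functions are trying to paper over.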

ruffilb

Diamond Member
Feb 6, 2005
Oh, I know I can't code this by hand myself. Does anyone know of software that can create such a form for me?

Sorry guys, I wasn't very clear.
 

Zugzwang152

Lifer
Oct 30, 2001
You can use a graphical DB manager like PHPMyAdmin. Use the GUI to form your SQL, and copy/paste it into your code.