IMB
Reputation: 15889
PHP: Basic sanitzation that are still relevant today?
Some years back, I use to do something similar to this on top of my script:
ini_set('magic_quotes_runtime', 0);
ini_set('magic_quotes_sybase', 0);
ini_set('url_rewriter.tags', '');
ini_set('session.use_trans_sid', 0);
function clean_input ($arr)
{
if (!get_magic_quotes_gpc())
$arr = array_map('addslashes', $arr);
return $arr;
}
$_GET = clean_input($_GET);
$_POST = clean_input($_POST);
$_COOKIE = clean_input($_COOKIE);
$_REQUEST = clean_input($_REQUEST);
Are this still relevant today at least in PHP 5.2?
Moreover, what is the minimum basic sanitation stuff we need in today?
Upvotes: 0
Views: 73
Answers (2)
Chris G.
Reputation: 3981
mysql_real_escape_string() on anything that enters your database.
htmlentities() on anything that exits your database.
The Security class that is bundled with CodeIgniter is quite good. I would suggest looking through it if you are curious what is considered production ready.
Upvotes: 1
Kenny Thompson
Reputation: 1492
If you are using a mysql db I would say use mysql_real_escape_string() to clean user input
Upvotes: 1