MySQL/PHP: Check data length before INSERT?


Folks,

I've heard of buffer overflows being used/abused by hackers and believe one
method to reduce this from happening is to check the length of my form data
before writing it to my MySQL database.

Is my understanding correct?

At the moment, I pass all my data through htmlentities() before writing to
my database. Is this enough? Should I check each individual column's length
first, or perhaps the overall content length to fit within the maximum
record length?

I found a function called mysql_escape_string() and have thought of using
it - but other than strip_slashes(), I don't know the reverse (unless
strip_slashes() is the recommended opposite of mysql_escape_string()).

Can someone advise? Much appreciated,

--
Replies please... via the newsgroup, so everyone can learn...
Thanks,
Randell D.
Jul 19 '05 #1
Randell D. wrote:
> I've heard of buffer overflows being used/abused by hackers and believe one
> method to reduce this from happening is to check the length of my form data
> before writing it to my MySQL database.

MySQL should cut it for you, if it is too long to fit, but of course it
is smart to check it before inserting it to table, because you never
know if there is a bug in MySQL.

> At the moment, I pass all my data through htmlentities() before writing to
> my database. Is this enough? Should I check each individual column's length
> first, or perhaps the overall content length to fit within the maximum
> record length?

Wouldn't it be smart to check it and inform the user that data doesn't
fit? That is probably better than just cutting end off.

> I found a function called mysql_escape_string() and have thought of using
> it - but other than strip_slashes(), I don't know the reverse (unless
> strip_slashes() is the recommended opposite of mysql_escape_string()).

You don't need to reverse mysql_escape_string() when reading. Just be
sure to call it before writing, because if you don't, you probably have
the most common security hole in your application.

Jul 19 '05 #2
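
A sketch of what the reply recommends, added here and not part of the original thread: check each field against its column limit and tell the user when it does not fit, then write the value without letting it alter the SQL. It uses PDO bound parameters in place of mysql_escape_string() (the original mysql extension was removed in PHP 7.0); the guestbook table, its column limits, the mbstring extension, and the in-memory SQLite database that lets the demo run offline are assumptions.

```php
<?php
// Added example: table name, column names and limits are hypothetical.
// Limits mirror the column definitions: name VARCHAR(50), comment VARCHAR(255).
const LIMITS = ['name' => 50, 'comment' => 255];

/** Return a list of error messages; an empty list means every field fits. */
function validate_lengths(array $form, array $limits): array
{
    $errors = [];
    foreach ($limits as $field => $max) {
        $value = $form[$field] ?? null;
        if (!is_string($value) || $value === '') {
            $errors[] = "$field is required";
            continue;
        }
        // MySQL VARCHAR(n) is a character count (since 4.1), so count characters, not bytes.
        $len = mb_strlen($value, 'UTF-8');
        if ($len > $max) {
            $errors[] = "$field is $len characters long; the maximum is $max";
        }
    }
    return $errors;
}

/** Insert with bound parameters: the data never becomes part of the SQL text. */
function save_guestbook_entry(PDO $db, array $form): array
{
    $errors = validate_lengths($form, LIMITS);
    if ($errors) {
        return $errors;   // report to the user instead of silently truncating
    }
    $stmt = $db->prepare('INSERT INTO guestbook (name, comment) VALUES (:name, :comment)');
    $stmt->execute([':name' => $form['name'], ':comment' => $form['comment']]);
    return [];
}

// Demo against in-memory SQLite so it runs offline; for MySQL only the DSN
// changes, e.g. new PDO('mysql:host=...;dbname=...', $user, $pass).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (name VARCHAR(50), comment VARCHAR(255))');

// Constructed inputs: quotes that would break a concatenated query, and an over-long name.
var_dump(save_guestbook_entry($db, ['name' => "O'Brien", 'comment' => "it's fine"]));
var_dump(save_guestbook_entry($db, ['name' => str_repeat('x', 51), 'comment' => 'hi']));
echo $db->query('SELECT name FROM guestbook')->fetchColumn(), "\n";
```

If a value is transformed before it is stored, htmlentities() included, run the length check on the transformed string, because a single `&` becomes the five-character `&amp;`.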
