
Form security for database

Hi,
I can't find the answer to my question anywhere, so I'll try asking here.
I have different form fields in my pages ("find", "password", "message").
I know that it is easy for a hacker to get information about my database
by creating an error, or to enter the secret zone...

So, what kind of control do I need, or what do I have to strip/erase from the input to have
security (or almost)?
Is it a different control for different fields?

Thank you, and sorry for my English mistakes (I'm Italian! :) )
Mark
Jul 17 '05 #1
Here ya go:

// add slashes so that special characters are not interpreted
$message = addslashes($message);

//get rid of ALL html tags
$message = strip_tags($message);

//convert the tag leftovers to non-html
$message = htmlspecialchars($message, ENT_QUOTES);

Be careful with the order of these functions. Double-check on php.net.

Greetz,

Barton

On Mon, 27 Oct 2003 11:04:46 +0100, "Mark Renton" <ma**@hotmaille.com>
wrote:
Jul 17 '05 #2
Good suggestions, and here is one more that incorporates it all on one
line and adds a little something extra:

$message = addslashes(htmlspecialchars(strip_tags(trim(chop($message))), ENT_QUOTES));

This removes the whitespace from the beginning and end, in addition to
all the other stuff he said.

Barton <bc***@NOSPAMMMhotmail.com> wrote in message news:<bn********************************@4ax.com>...
Jul 17 '05 #3
Thank you both!
A question: is there any risk with this function if someone inserts a
"SELECT" or other SQL command inside?
For example, someone said there could be a risk if in the password field you
write "OR a=a".

Thanks!! :)
Jul 17 '05 #4
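As an added illustration (not part of this thread, and not Barton's code) of the concern in this last post and of where the sanitizing calls from the replies above belong: addslashes() only covers one SQL quoting style, whereas binding the value as a query parameter keeps input like "OR a=a" out of the SQL text entirely, and htmlspecialchars() is applied at display time rather than before storage. It assumes a `users`/`messages` schema, a username field next to the password field, and PDO connection details that are not in the thread.

```php
<?php
// Added example, not code from the thread. Assumes a MySQL table `users`
// (id, username, password_hash), a table `messages` (id, body), a username
// field alongside the password field, and the PDO settings below.
declare(strict_types=1);

// Password field: the SQL text is fixed and the input is bound as a
// parameter, so a value such as "' OR 'a'='a" is compared literally rather
// than parsed as SQL. The password is checked against a stored hash.
function findUserIdByLogin(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Find field: bind the LIKE pattern too, and escape the LIKE wildcards so a
// user-typed "%" or "_" matches literally (MySQL's LIKE escape is backslash).
function searchMessages(PDO $db, string $find): array
{
    $pattern = '%' . addcslashes($find, '%_\\') . '%';
    $stmt = $db->prepare('SELECT id, body FROM messages WHERE body LIKE :p');
    $stmt->execute([':p' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Message field: store the text as typed and encode it for the context where
// it is displayed; htmlspecialchars() belongs here, not before the INSERT.
function renderMessage(string $message): string
{
    return htmlspecialchars($message, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Database errors are logged server-side and never echoed, so a malformed
// input cannot be used to read table or column names off an error page.
try {
    $db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'appuser', 'secret',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
    $userId = findUserIdByLogin($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
    echo $userId === null ? 'Login failed.' : 'Welcome, user #' . $userId;
} catch (PDOException $e) {
    error_log($e->getMessage());
    http_response_code(500);
    echo 'An internal error occurred.';
}
```

Each form field gets its own handling: the database sees bound parameters, the browser sees HTML-encoded output, and the visitor never sees the raw database error.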
