For this specific case, you could do : $("img[src='yada']").parent().prev().attr('value'); To…

Question

0

Asked: May 12, 20262026-05-12T15:02:18+00:00 2026-05-12T15:02:18+00:00

I am using $_GET , $_POST and $_COOKIE variables in method calls, SQL queries

0

I am using $_GET, $_POST and $_COOKIE variables in method calls, SQL queries and file calls – and it is necessary to escape / rewrite this user-data for better security (avoid injection attacks and the like). How would you recommend this is done?

Some ideas from built-in escape function … to get the juices flowing:

Add backslashes to: \x00, \n, \r, \, ', " and \x1a to make the string safe for SQL queries – as in mysql_real_escape_string().
Limit the number of accepted characters to [a-zA-Z0-9 _-\.] (where “\.” is an escaped “.”-dot).

Your inputs are appreciated. Thanks.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-12T15:02:19+00:00

As escaping depends on the system you are sending the data too, my suggestion would be to use the functions provided by PHP, specifically created for each system.

For instance :

for MySQL queries, use mysql_real_escape_string, or mysqli_real_escape_string, or PDO::quote
- Or use prepared statements (mysqli, PDO)
- Don’t add backslashes yourself : why do that when proper and well-working (and well-tested !) escaping functions already exist ?
for HTML output, use htmlspecialchars or htmlentities.

Either way : don’t re-invent the wheel !

There are escaping functions/methods that already exists for many kind of output : use those !

How to approach applying for a job at a company ...

What is a programmer’s life like?

How to handle personal stress caused by utterly incompetent and ...

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions