I currently have a guest book on my site. It is very basic. Recently

Question

0

Asked: May 26, 20262026-05-26T05:38:53+00:00 2026-05-26T05:38:53+00:00

I currently have a guest book on my site. It is very basic. Recently

0

I currently have a guest book on my site. It is very basic. Recently I have been doubting whether my current method of sanitizing the input added to the database is secure enough. Here is the current snippet of the code that collects the data and sanitizes it:

$name=$_POST['name'];
$c_name=mysql_real_escape_string(htmlspecialchars($name));
$detail=mysql_real_escape_string(htmlspecialchars($_POST['detail']));

Then obviously I would send the data to the server and place them in the necessary tables. Is this way efficient or are there any security holes I should be aware of? Thanks!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T05:38:54+00:00

Editorial Team

2026-05-26T05:38:54+00:00Added an answer on May 26, 2026 at 5:38 am

You should never use htmlspecialchars() on data you are sending to the database; it should only be used on output. Other than that, I recommend you read “Making Wrong Code Look Wrong” so that you can keep your variables straight.

… making robust code by literally inventing conventions that make errors stand out on the screen.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I currently have a guest book on my site. It is very basic. Recently

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply