I have a feedback form which will take a couple of user inputted fields

Question

0

Asked: May 29, 20262026-05-29T04:30:10+00:00 2026-05-29T04:30:10+00:00

I have a feedback form which will take a couple of user inputted fields

0

I have a feedback form which will take a couple of user inputted fields along with a few fields generated by PHP functions like ‘user-agent’ and ‘referer.’

My question is should these strings be sanitized before being inputted? I realize one could easily alter the user-agent and the referring page, but could it be possible for a visitor to add a SQL injection like string so when PHP pulls this info it potentially breaks my form?

For instance if a user changed their user-agent or referring page to include the string Robert'); DROP TABLE Students;--

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-29T04:30:12+00:00

Editorial Team

2026-05-29T04:30:12+00:00Added an answer on May 29, 2026 at 4:30 am

Simple Answer: validate/sanitize/escape everything (like client-side data, for example) because everything could be modified and evil or contain unexpected characters that could break your query (like Col. Shrapnel explained).

to minimize risk you should also about using prepared statements instead of building SQL-strings on your own (Note: this doesn’t mean you can leave out the checks).

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a feedback form which will take a couple of user inputted fields

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply