Home/ Questions/Q 6681547
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T04:36:09+00:00

Possible Duplicate: Best way to defend against mysql injection and cross site scripting Validating

  • 0

Possible Duplicate:
Best way to defend against mysql injection and cross site scripting
Validating user input?

I know that for mysql I can use > mysql_real_escape_string but what can I use for php server side to maximally secure it from hacking ? Is there any ultimate way to do it ? If not please write all possible ways to minimize threat of hacking the site.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Best way? Sanitize it when you need it

    Often times I see things like

    Bad code 

    foreach ($_GET as $k => $v){
  $_GET[$k] = MyUberSanitizeFunction($v);
}

    But that works very few times, and is very much type specific (i.e. in one instance an ID may only want to be numbers, but not every value should be stripped of non-numerics).

    Worry about cleansing the information when you need it. If you’re going to use it multiple times, cleanse it in to a stored variable, then work with it. But don’t worry about “mass sanitizing” on every query request.

    • 0