Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Possible Duplicate:
How to prevent SQL injection in PHP?
I use PDO prepared statements to prevent MySQL injection, but should I be doing anything more to sanitize user input? The user will only be shown his own input and the input of others he “friends.” Is there anything else I need to do to sanitize input?
I don’t think that magic quotes are enabled, and I can’t think of any other way a user could mess with my site, but I am new to this so I am not sure.
Thanks in advance!
If you’re using prepared statements, then you shouldn’t have any issue with MySQL injection.
You might consider sanitizing your output, however, like only displaying certain HTML tags (if any at all), to avoid issues with someone messing with the site’s layout or, worse, executing arbitrary JavaScript.