Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PHP / MySQL, Special characters, data integrity and security

Status
Not open for further replies.

southbeach

Programmer
Jan 22, 2008
879
US
Howdy!

At which point should one be concerned with special characters

(1) data entry level
(2) saving to table
(3) pushing to web
(4) other _______

As is the case with all or most of us, data integrity, security and flexibility is staring right at me. I need to allow user the use of anything under the sun (for the most part) but yet, application|server security cannot be compromised.

Data is of no use to user if content is missing so, how does one work out the compromise? I figure I use
Code:
htmlspecialchars($string, ENT_QUOTE, 'UTF-8')
when pushing to web and
Code:
mysqli_real_escape_string($link, $string)
when storing to table.

What else should I do? Is this even what I should do?





--
SouthBeach
The good thing about not knowing is the opportunity to learn - Yours truly, 2008.
 
(2) is the only place you need to be really concerned, as that is really the only time that 'special' characters are likely to create any kind of problem for the database server.

Though for security aspects, (2) should cover any time you are building a query from user supplied input, not just when inserting or updating the data.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top