Thanks bvr. This is good to know, but I still need some validation with my particular application, as below. Thanks for your time.
Simon H

> -----Original Message-----
> From: bvr [mailto:[EMAIL PROTECTED]]
> Sent: 04 February 2002 17:44
> To: php-general; Simon H
> Subject: Re: [PHP] Yet another regex question
>
> Hi,
>
> To prevent user input from messing with your query you just need to
> escape the characters used to delimit query values.
>
> MySQL for example uses ' (single quote) to delimit values so you should
> use addslashes() on all values.
>
> This will make inserting values containing the ' character work and
> prevent user input from manipulating your script to run arbitrary
> queries on your DB server.
>
> The practical thing about MySQL is that it accepts quote delimited
> values even for integer fields. However, if you want to make a
> 'db safe' integer you can use $var = (int)$var;
>
> For more advanced input validation, regular expressions can be very
> adequate but I'd recommend separating this from previously mentioned
> 'escaping' which is simply needed for your DB to function properly
> and safely.
>
> greets,
> bvr.
>
> On Mon, 4 Feb 2002 17:18:20 -0000, Simon H wrote:
>
> >I'm trying to validate an input form, for database INSERT/UPDATE. I'm
> >looking for a couple of Techniques and I can't seem to find examples
> >anywhere:
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
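
The separation described in the quoted reply (validate with regular expressions first, then make each value database-safe), as an added example that is not part of the original thread. The `people` table, the field names and the sample inputs are assumptions, and it runs against an in-memory SQLite database through PDO instead of MySQL so it works offline; the bound-parameter variant goes one step beyond the reply.

```php
<?php
// Added illustration, not code from the thread; table and field names are hypothetical.

// Validation: application rules, kept separate from anything database-specific.
function validate_input(array $in): array {
    $errors = [];
    if (!preg_match('/\A[A-Za-z][A-Za-z \'-]{0,49}\z/', $in['name'] ?? '')) {
        $errors[] = 'name';
    }
    if (!preg_match('/\A[0-9]{1,3}\z/', $in['age'] ?? '')) {
        $errors[] = 'age';
    }
    return $errors;
}

// Escaping as the reply describes it: addslashes() for quoted values, (int) for
// integers. addslashes() is not charset-aware, so it is shown for comparison only.
function build_insert_escaped(array $in): string {
    $name = addslashes($in['name']);
    $age  = (int)$in['age'];
    return "INSERT INTO people (name, age) VALUES ('$name', $age)";
}

// Bound parameters: the value is sent as data and never becomes SQL text,
// so no delimiter needs escaping at all.
function insert_bound(PDO $db, array $in): void {
    $stmt = $db->prepare('INSERT INTO people (name, age) VALUES (:name, :age)');
    $stmt->bindValue(':name', $in['name'], PDO::PARAM_STR);
    $stmt->bindValue(':age', (int)$in['age'], PDO::PARAM_INT);
    $stmt->execute();
}

// Constructed sample input: one legitimate name containing a quote, one hostile value.
$samples = [
    ['name' => "O'Brien", 'age' => '42'],
    ['name' => "x' OR 'x'='x", 'age' => '1 OR 1=1'],
];
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (name TEXT, age INTEGER)');
foreach ($samples as $in) {
    $errors = validate_input($in);
    if ($errors) {  // rejected by validation; show what escaping alone would have built
        echo 'rejected (', implode(', ', $errors), '): ', build_insert_escaped($in), "\n";
        continue;
    }
    echo 'escaped form: ', build_insert_escaped($in), "\n";
    insert_bound($db, $in);
}
echo $db->query('SELECT COUNT(*) FROM people')->fetchColumn(), " row(s) stored\n";
```

Validation rejects the second sample before it reaches the database, while the first shows a legitimate name that still needs its quote handled, which is why the two steps are kept apart.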