protect my site



d-machine
11-02-2008, 09:18 PM
Hi

I want to know how to protect my PHP-driven web site. It includes a CMS, which I've created. As I understood it, the big problem is with the text boxes.
My site has many of these, and I assumed that other programmers are using some general class to protect them.

Am I right?

(If so, can you advise me about what I should include in this class?)


Thank you :)

thetestingsite
11-02-2008, 09:21 PM
Not 100% sure what you are wanting to protect, but if it is against SQL injections, you would want to run the input through mysql_real_escape_string() (http://php.net/mysql_real_escape_string) before inserting into or updating the database.

There are also other techniques you could use, but the most common is the above.

Hope this helps.

npsari
11-03-2008, 10:05 PM
Yes, you need to have code which stops bad stuff being saved in your database.


function EvClean($string){
    if(get_magic_quotes_gpc()){
        $string = stripslashes($string);
    }elseif(!get_magic_quotes_gpc()){
        $string = addslashes(trim($string)); //strip your slashes, or add them to break any injections.
    }
    $string = escapeshellcmd($string); //escapes all inputs and prevent php shell commands

    $string = mysql_real_escape_string($string); //strips all mysql injection attempts

    $string = stripslashes(strip_tags(htmlspecialchars($string, ENT_QUOTES))); //removes all html special tags
    return $string;
}

$message = EvClean($_POST['message']);
echo $message;

This code is good to deal with