
Thread: protect my site

  1. #1
    protect my site

    Hi

    I want to know how to protect my PHP-driven web site. It includes a CMS, which I've created. As I understood it, the big problem is with the text boxes.
    My site has many of these, and I assumed that other programmers are using some general class to protect them.

    Am I right?

    (If so, can you advise me about what I should include in this class?)


    Thank you

  2. #2

    Not 100% sure what you are wanting to protect, but if it is against SQL injections you would want to run the input through mysql_real_escape_string() before inserting into or updating the database.

    There are also other techniques you could use, but the most common is the above.

    Hope this helps.

  3. #3

    Yes, you need to have code which stops bad stuff being saved in your database.

    Code:
    function EvClean($string){
        if(get_magic_quotes_gpc()){
            $string = stripslashes($string);
        }elseif(!get_magic_quotes_gpc()){
            $string = addslashes(trim($string)); //strip your slashes, or add them to break any injections.
        }
        $string = escapeshellcmd($string); //escapes all inputs and prevent php shell commands

        $string = mysql_real_escape_string($string); //strips all mysql injection attempts

        $string = stripslashes(strip_tags(htmlspecialchars($string, ENT_QUOTES))); //removes all html special tags
        return $string;
    }

    $message = EvClean($_POST['message']);
    echo $message;

    This code is good to deal with
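
An alternative to one catch-all cleaning function, given here as an added example that is not code from the thread: handle the value separately in each place it is used, with a bound parameter for the database and htmlspecialchars() when it is printed. The mysql_* functions used in the thread were removed in PHP 7, so this sketch uses PDO; the in-memory SQLite database, the `messages` table and the function names are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Table and function names are hypothetical.
// Uses an in-memory SQLite database through PDO so it runs offline.

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $pdo;
}

// Database context: the value travels as a bound parameter, never as SQL text,
// so no escaping function is applied and the text is stored unchanged.
function saveMessage(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO messages (body) VALUES (:body)');
    $stmt->execute([':body' => trim($body)]);
    return (int) $pdo->lastInsertId();
}

function loadMessage(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT body FROM messages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : (string) $body;
}

// HTML context: encode once, at output time, for the page being rendered.
function html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_POST['message'].
$input = 'O\'Brien wrote: <b>hello</b> & "goodbye"';

$pdo = openDb();
$id  = saveMessage($pdo, $input);
$row = loadMessage($pdo, $id);

var_dump($row === $input); // compares the stored text with what was submitted
echo html($row), PHP_EOL;  // quotes, tags and ampersands are printed as entities
```

Because the stored text is the original text, the same row can later be encoded differently for another output (a JSON API, a plain-text e-mail) without first undoing HTML or slash escaping.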
