How to check string in PHP + MYSQL?

Question

How to check string in PHP + MYSQL?

I am using PDO with preparation instruction.

I use Javascript to encrypt text from html textarea, decrypt it in PHP, add some text and overwrite the data before writing to the DB.

I use PHP to decrypt data from db and put it on HTML5 pages.

Often the content is the result of HTML-encoded text.

addslashes, htmlentities and preg_replace ... can I check / filter the data in the best way for me?

What is the difference between validating and filtering data?

I have no security experience. please help me find the best way for my application.

early

+3

php mysql validation html-entities addslashes

Jb. Feb 13 '14 at 8:28

source share

3 answers

? .

function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

$username = clean($_POST['username']);

0

yul757 13 . '14 8:40

PHP 5.3, , .

:

http://www.php.net/manual/en/filter.filters.sanitize.php

Validation Filters:

http://www.php.net/manual/en/filter.filters.validate.php

0

Newbi3 Feb 13 '14 at 8:56

source share

JB. · Accepted Answer · 2014-02-13T12:06:20+0000

I think this is a good solution for me.

?

 function clearPasswrod($value){


     $value = trim($value); //remove empty spaces
     $value = strip_tags(); //remove html tags
     $value = htmlentities($value, ENT_QUOTES,'UTF-8'); //for major security transform some other chars into html corrispective...

      return $value;
 }
 function clearText($value){

     $value = trim($value); //remove empty spaces
     $value = strip_tags(); //remove html tags
     $value = filter_var($value, FILTER_SANITIZE_MAGIC_QUOTES); //addslashes();
     $value = filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); //remove /t/n/g/s
     $value = filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); //remove é à ò ì ` ecc...
     $value = htmlentities($value, ENT_QUOTES,'UTF-8'); //for major security transform some other chars into html corrispective...

     return $value;
 }
 function clearEmail($value){


     $value = trim($value); //remove empty spaces
     $value = strip_tags(); //remove html tags
     $value = filter_var($value, FILTER_SANITIZE_EMAIL); //e-mail filter;
     if($value = filter_var($value, FILTER_VALIDATE_EMAIL))
   {
     $value = htmlentities($value, ENT_QUOTES,'UTF-8');//for major security transform some other chars into html corrispective...
   }else{$value = "BAD";}  
     return $value;
 }

How to check string in PHP + MYSQL?

I think this is a good solution for me.

More articles: